last executing test programs: 1m22.194869494s ago: executing program 0 (id=64): r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0xa002, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, r0, 0x3}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000300000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001bc0)={r2, 0x0, 0x138, 0x4c, &(0x7f0000001cc0)="633268f83ca3000000a2029e3815bb2fa117d8326687688b2c969fd7267d546214af00d1ca2524d00f9e4d9555f3ab381b5d44fd6bda8c509e66101d296f10c805252e7c5d48d9814f46db8f07441878734b13270fe47fba418b7358984b9a61c2bbf964a520459fd0d90590b46cf1677d580a26933b6e35aee75996b73a15a25aa8ae2f1f9bc9699a505c0dc4050ab2255fc35f508ccc52f10ac12febf28652fe36f725714868675ca2a7042ab4b26904b2f000589694f69ab0b22a5aec72c5036ce1c8974690045e4ab412a70336b4c65b2dfc8121af4143c2e10a0e5632bcd44e0b000029da424d86f298656822dae2c002e289fbfa6fe0dfb2fd57713a7684dc166c628dc45027ac174c5db54f22e409eb4e94263dbc9919f90f1af3290918b9824c3e0268b300bf69cc2eb3fc58f655439bdbe2b905", &(0x7f0000000100)=""/76, 0x4000, 0x0, 0x47, 0x50, &(0x7f0000001ac0)="9c01bd6f9a6028c80d7364240fd78867d9d62eca43c565f2c5ac65dd4a0fadceb6c65dcb07f2421e69087e0f17b4eb709e4805f2722709c46bef17c4cb9aed9fb1c342179ea349", &(0x7f0000001a40)="408fd0050dc7945b483103067eca9bd26ffbe35abf0f88a103f6893dc2b1d1cdc2195d4ae89abc04ff5fe5d2466892c81015df835a7d47be4f852161bc4015e7564b08584290fe1762f943a653008ac5", 0x1, 0x0, 0x13}, 0x50) 1m22.194441007s ago: executing program 0 (id=65): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) getsockopt$sock_buf(r1, 0x1, 0x22, 0x0, &(0x7f0000001780)) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd28, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x30a28, 0x59629}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48094}, 0x240400c0) 1m22.134399427s ago: executing program 0 (id=66): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd70000400000005000000080009000200000008000c000300000008000b00000000000600010007"], 0x40}}, 0x20) r6 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r7 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x40) ioctl$BTRFS_IOC_WAIT_SYNC(r7, 0x40089416, 0x0) syz_usb_disconnect(r7) syz_usb_connect$cdc_ncm(0x2, 0xa0, &(0x7f0000000380)=ANY=[@ANYBLOB="1201500202000010"], 0x0) ioctl$EVIOCRMFF(r7, 0x40045506, &(0x7f0000000500)) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)="9f", 0x1}], 0x1) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000001c0)={r1, 0x1, 0x6, @local}, 0x10) r8 = socket$netlink(0x10, 0x3, 0x4) write(r8, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 1m20.973670003s ago: executing program 0 (id=91): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0xc00, 0x0) (async) chroot(&(0x7f0000000100)='./file0\x00') (async) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) (async) pivot_root(&(0x7f0000007b00)='./file0/../file0\x00', &(0x7f0000000280)='./file0\x00') (async) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x30, 0x0, @ib={0x1b, 0x8001, 0x38, {"f16b2400"}, 0x5, 0x2, 0x1ff}}}, 0x90) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01030000000000000000010000000800010014000000080003"], 0x30}}, 0x44) 1m20.973250175s ago: executing program 0 (id=92): r0 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) (async) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) (async, rerun: 64) syz_emit_ethernet(0x42, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaa9000000000000608004904003400654000042190780a010101ac14140c8308a464e654cfbe86060000000200004e214e22045190780400000000000000"], 0x0) (async, rerun: 64) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$netlink(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYRESOCT=0x0], 0x1c}], 0x1, 0x0, 0x0, 0x4000}, 0x0) 1m20.754561353s ago: executing program 0 (id=93): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002", 0x17}], 0x1}, 0x0) (async) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a0400", 0x14}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='debugfs\x00', 0x0, 0x0) (async) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000280)={{{@in=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@empty}}, &(0x7f0000000040)=0xe8) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x20, &(0x7f0000000380)={[{@uid={'uid', 0x3d, r1}}, {@grpquota}], [{@dont_hash}, {@fscontext={'fscontext', 0x3d, 'user_u'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}]}) 1m20.710284705s ago: executing program 32 (id=93): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002", 0x17}], 0x1}, 0x0) (async) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a0400", 0x14}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='debugfs\x00', 0x0, 0x0) (async) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000280)={{{@in=@loopback, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@empty}}, &(0x7f0000000040)=0xe8) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x20, &(0x7f0000000380)={[{@uid={'uid', 0x3d, r1}}, {@grpquota}], [{@dont_hash}, {@fscontext={'fscontext', 0x3d, 'user_u'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}]}) 5.015864103s ago: executing program 2 (id=657): openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 4.054122496s ago: executing program 2 (id=663): socket$packet(0x11, 0x2, 0x300) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRESDEC, @ANYRESOCT=0x0], 0x20) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = semget$private(0x0, 0x6, 0x0) semtimedop(r2, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0) semop(r2, &(0x7f0000001240)=[{0x2, 0x0, 0x2000}], 0x1) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='io\x00') preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000340)=""/230, 0xe6}, {&(0x7f0000000200)=""/102, 0x66}], 0x2, 0x401, 0x9) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000a1c59636e8de7e09d24c8cd1dd5af2419a52e6b90181cce5e92e010fd1342b73b128a1ccfb6500f092429585eeeffe86cfcbe734179ff4b6b703d5253d85c46e87368c0998a7135f0cb713482dd7a6e2f0a46ed3a0d623c6793e2dae997be6228e7b15a8fe5aabe55932096c52ac6c1f79ce502b389e6ee102fe9a46f7f1643f8e8eadae713cdb4f29425e8fe90c19c2d6328ee1f2ceb7927df39379329f8dc2fb248915bb53fab097c6aa57bc1eed68bbc487077ec2c62e83d5b6b88cc778960ecd11b0dde8b366defbcfc95a5e113bfdbf25aad9575454d258437a11d4ee833d80d32db00f42dd68f5b76fc963b3418911551b3cd43280a151665d1afa6e06c2308e82dbbe41201a83a78f1519ba36ecaaaadf215f4f1ef318940e98e46b95347ce64fae033c1d8f2027f47c093b258def8c0722dfdede9d14087c283a9c4173963b3ba866af51dbf3b62f7d0f7e3b2de729f2b8ca83115b854619e9a71be3ac0258db9eed17701f8040cacf421ce4949af38b2cbbab146674ddd66bce074dd76a6a", @ANYRES16=r5, @ANYBLOB="b16950000000000000004a"], 0x14}}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x800006, 0x8, 0x0, 0x3}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r6) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0}) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, 0x0, 0x0) r7 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000140)={'team_slave_0\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_stats}) 3.983985201s ago: executing program 1 (id=666): socket$packet(0x11, 0x3, 0x300) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x4c}}, 0x0) sendto$packet(r0, &(0x7f00000004c0)="7a7d796c63125f087a1139248d2d17446379fb69952dcdeab044bc7a059cb481467d372fde4effc690", 0x29, 0x94, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x6, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14) 3.911421366s ago: executing program 1 (id=667): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x34, r3, 0x1, 0x70bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}]}, 0x34}}, 0x20000084) 3.556786946s ago: executing program 3 (id=672): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='cq_alloc_error\x00', 0xffffffffffffffff, 0x0, 0x474}, 0x18) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002ec0)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10, 0x0, 0x0, &(0x7f00000002c0)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x4000854) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) 3.555159752s ago: executing program 4 (id=673): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xc, 0x3, 0x4, 0x8001}, 0x50) 3.453840869s ago: executing program 4 (id=674): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000180)='\x00', 0xfffffffffffffffa) pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r5 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0x0) pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r6, 0xffffffffffffffff) keyctl$unlink(0x9, r3, r5) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000140)={@remote}, 0x14) setsockopt$inet6_mreq(r7, 0x29, 0x14, &(0x7f0000000080)={@mcast1}, 0x14) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62c0c3) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) r9 = socket$rxrpc(0x21, 0x2, 0xa) listen(r9, 0x2000000) 3.074194562s ago: executing program 2 (id=675): socket$packet(0x11, 0x3, 0x300) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x4c}}, 0x0) sendto$packet(r0, &(0x7f00000004c0)="7a7d796c63125f087a1139248d2d17446379fb69952dcdeab044bc7a059cb481467d372fde4effc690", 0x29, 0x94, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x6, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14) 3.07394492s ago: executing program 2 (id=676): sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x51, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mkdir(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000480)=ANY=[@ANYRES32=r0, @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2, 0xffffffffffffffff}, &(0x7f00000002c0), 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = add_key$keyring(&(0x7f0000000340), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r4, &(0x7f0000000300)='asymmetric\x00', 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x3, @empty, 0x1}, 0x1c) listen(r6, 0x1) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r8 = accept(r5, 0x0, 0x0) connect$unix(r8, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e21}, 0x6e) 2.663560733s ago: executing program 3 (id=677): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x6, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000f80)=@newsa={0x10c, 0x1a, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in6=@dev={0xfe, 0x80, '\x00', 0x11}, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x3a, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x94e, 0x7}, {0x40000, 0x1, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@etimer_thresh={0x8, 0xc, 0x3}, @coaddr={0x14, 0xe, @in6=@remote}]}, 0x10c}}, 0x4000084) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) msgget(0x0, 0x40) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r2, 0xc01064c2, &(0x7f0000000040)) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000001c0)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000200)={r3}) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000001c0)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000200)={r4}) ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r2, 0xc01064c5, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000540)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc", 0x8) semctl$GETNCNT(0x0, 0x0, 0xe, &(0x7f0000000400)=""/187) r6 = accept4(r5, 0x0, 0x0, 0x0) recvmsg$can_raw(r6, 0x0, 0x10000) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, &(0x7f0000000280)={0x3, 0x8, 0x4, 0x7}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000038c0)=ANY=[], 0x4f80}}, 0x4000000) 2.538199846s ago: executing program 4 (id=678): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4) sendmsg$MPTCP_PM_CMD_ANNOUNCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001600)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x4048002) sendmmsg$alg(r1, 0x0, 0x0, 0x40800) sendto$x25(r1, &(0x7f0000000540)="8d", 0x1, 0x81, 0x0, 0x0) 2.534441181s ago: executing program 4 (id=679): sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x51, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mkdir(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000480)=ANY=[@ANYRES32=r0, @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2, 0xffffffffffffffff}, &(0x7f00000002c0), 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x3, @empty, 0x1}, 0x1c) listen(r5, 0x1) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r7 = accept(r4, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x20000814}, 0x4000810) connect$unix(r7, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e21}, 0x6e) 2.323040939s ago: executing program 1 (id=680): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x20, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040081}, 0xc080) 2.233637383s ago: executing program 1 (id=681): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x2000040) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r3 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) mknodat$null(r3, &(0x7f0000000040)='./file1/file0\x00', 0x0, 0x103) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x8) 1.708450883s ago: executing program 2 (id=682): syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getgroups(0x449a065a, 0xfffffffffffffffe) 1.593987267s ago: executing program 3 (id=683): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8f9, 0x9f94, &(0x7f00000007c0)) acct(0x0) 1.59365493s ago: executing program 3 (id=684): socket$packet(0x11, 0x3, 0x300) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x4c}}, 0x0) sendto$packet(r0, &(0x7f00000004c0)="7a7d796c63125f087a1139248d2d17446379fb69952dcdeab044bc7a059cb481467d372fde4effc690", 0x29, 0x94, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x6, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14) 1.593378132s ago: executing program 4 (id=685): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xe, 0x7}, {}, {0x1001d, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xa00}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xfffffffffffffecc}]}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x0) 1.54439282s ago: executing program 3 (id=686): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) 1.543969635s ago: executing program 3 (id=687): openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0) io_setup(0x8, &(0x7f0000004200)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfff7fffffffffff5}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200, 0x1) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x6, 'dvmrp1\x00'}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev, 0x4e24, 0x2, 'sed\x00', 0x0, 0xfffffffc}, 0x2c) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) setgroups(0x0, 0x0) setregid(0xffffffffffffffff, 0x0) socket$inet(0x2, 0x2, 0x1) socket$nl_route(0x10, 0x3, 0x0) pipe2$9p(0x0, 0x80000) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYRES16], 0x15) pipe2$9p(0x0, 0x80800) stat(&(0x7f00000000c0)='./cgroup.net/devices.allow\x00', 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', &(0x7f0000000080), 0x2000040, 0x0) 1.341495058s ago: executing program 4 (id=688): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x200000000000}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x800}, 0x0) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x34, r3, 0x1, 0x70bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x4}]}, 0x34}}, 0x20000084) 1.340917209s ago: executing program 1 (id=689): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x20, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040081}, 0xc080) 1.24219864s ago: executing program 1 (id=690): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x10a) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x100) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000001a00)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10) setsockopt$inet_udp_int(r2, 0x11, 0x67, &(0x7f0000000080)=0x6, 0x4) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r4 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x3e, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x5}}, 0xe8) ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x2, 0x6, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x10}}, 0x0) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @empty, 0x5}, 0x1c) r6 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, &(0x7f0000000080)) read$FUSE(0xffffffffffffffff, &(0x7f0000000300)={0x2020}, 0x2020) r7 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_buf(r7, 0x1, 0x31, 0x0, &(0x7f00000001c0)) mkdirat(r1, 0x0, 0x2) 0s ago: executing program 2 (id=691): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}]}}}]}, @NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf8}}, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$kcm(0x2, 0x1, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000140)={r1, 0x7, 0x0, 0x400}) setsockopt$sock_attach_bpf(r2, 0x1, 0x4a, 0x0, 0x0) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) readv(r5, &(0x7f0000000040), 0x0) sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001e0001eb25bd70000000000001"], 0x114}], 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) ioctl$sock_TIOCINQ(r4, 0x541b, &(0x7f0000000100)) kernel console output (not intermixed with test programs): [ 38.046176][ T40] audit: type=1400 audit(1757553893.417:60): avc: denied { rlimitinh } for pid=5875 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 38.053293][ T40] audit: type=1400 audit(1757553893.417:61): avc: denied { siginh } for pid=5875 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:43804' (ED25519) to the list of known hosts. [ 39.280394][ T40] audit: type=1400 audit(1757553894.667:62): avc: denied { name_bind } for pid=5888 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 39.304621][ T40] audit: type=1400 audit(1757553894.697:63): avc: denied { write } for pid=5889 comm="sh" path="pipe:[8249]" dev="pipefs" ino=8249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 39.322858][ T40] audit: type=1400 audit(1757553894.717:64): avc: denied { execute } for pid=5889 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 39.329483][ T40] audit: type=1400 audit(1757553894.717:65): avc: denied { execute_no_trans } for pid=5889 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 41.320953][ T40] audit: type=1400 audit(1757553896.707:66): avc: denied { mounton } for pid=5889 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 41.324321][ T5889] cgroup: Unknown subsys name 'net' [ 41.534376][ T5889] cgroup: Unknown subsys name 'cpuset' [ 41.539578][ T5889] cgroup: Unknown subsys name 'rlimit' [ 41.730098][ T5956] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 42.394862][ T5889] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.604365][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 45.604379][ T40] audit: type=1400 audit(1757553900.997:80): avc: denied { execmem } for pid=5964 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 45.818513][ T40] audit: type=1400 audit(1757553901.207:81): avc: denied { create } for pid=5967 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.827415][ T40] audit: type=1400 audit(1757553901.207:82): avc: denied { read write } for pid=5967 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.834781][ T40] audit: type=1400 audit(1757553901.207:83): avc: denied { open } for pid=5967 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.842019][ T40] audit: type=1400 audit(1757553901.217:84): avc: denied { ioctl } for pid=5967 comm="syz-executor" path="socket:[5519]" dev="sockfs" ino=5519 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.879399][ T5974] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.883085][ T5974] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.885508][ T5973] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.887548][ T5977] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.889722][ T5973] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.892428][ T5977] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.894518][ T5973] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.897643][ T5978] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.900252][ T5973] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.905858][ T40] audit: type=1400 audit(1757553901.297:85): avc: denied { read } for pid=5971 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.910794][ T5970] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.913203][ T5332] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.915708][ T5970] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.920467][ T5332] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.922724][ T40] audit: type=1400 audit(1757553901.297:86): avc: denied { open } for pid=5971 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 45.922748][ T40] audit: type=1400 audit(1757553901.317:87): avc: denied { mounton } for pid=5971 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 45.932345][ T63] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.933446][ T5982] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.934132][ T5982] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.934628][ T5982] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.935388][ T5982] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.935847][ T5982] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.951481][ T63] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 46.152259][ T40] audit: type=1400 audit(1757553901.547:88): avc: denied { module_request } for pid=5971 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 46.198283][ T5971] chnl_net:caif_netlink_parms(): no params data found [ 46.239214][ T5975] chnl_net:caif_netlink_parms(): no params data found [ 46.296039][ T5967] chnl_net:caif_netlink_parms(): no params data found [ 46.354589][ T5971] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.358002][ T5971] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.361005][ T5971] bridge_slave_0: entered allmulticast mode [ 46.364725][ T5971] bridge_slave_0: entered promiscuous mode [ 46.372754][ T5971] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.375592][ T5971] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.378585][ T5971] bridge_slave_1: entered allmulticast mode [ 46.382147][ T5971] bridge_slave_1: entered promiscuous mode [ 46.389054][ T5979] chnl_net:caif_netlink_parms(): no params data found [ 46.499240][ T5971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.558451][ T5971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.638964][ T5975] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.642076][ T5975] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.644887][ T5975] bridge_slave_0: entered allmulticast mode [ 46.648315][ T5975] bridge_slave_0: entered promiscuous mode [ 46.651701][ T5967] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.654313][ T5967] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.656530][ T5967] bridge_slave_0: entered allmulticast mode [ 46.659309][ T5967] bridge_slave_0: entered promiscuous mode [ 46.664361][ T5967] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.667028][ T5967] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.669296][ T5967] bridge_slave_1: entered allmulticast mode [ 46.671908][ T5967] bridge_slave_1: entered promiscuous mode [ 46.676023][ T5971] team0: Port device team_slave_0 added [ 46.706694][ T5975] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.708948][ T5975] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.712146][ T5975] bridge_slave_1: entered allmulticast mode [ 46.714902][ T5975] bridge_slave_1: entered promiscuous mode [ 46.767581][ T5971] team0: Port device team_slave_1 added [ 46.769749][ T5979] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.772274][ T5979] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.774748][ T5979] bridge_slave_0: entered allmulticast mode [ 46.777271][ T5979] bridge_slave_0: entered promiscuous mode [ 46.796862][ T5967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.829546][ T5979] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.832199][ T5979] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.834464][ T5979] bridge_slave_1: entered allmulticast mode [ 46.837064][ T5979] bridge_slave_1: entered promiscuous mode [ 46.854904][ T5975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.859030][ T5967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.864005][ T5971] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.866814][ T5971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.877398][ T5971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.904967][ T5975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.949361][ T5971] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.952120][ T5971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.962084][ T5971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.968436][ T5979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.000767][ T5967] team0: Port device team_slave_0 added [ 47.010582][ T5967] team0: Port device team_slave_1 added [ 47.015064][ T5979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.034270][ T5975] team0: Port device team_slave_0 added [ 47.039307][ T5975] team0: Port device team_slave_1 added [ 47.172155][ T5979] team0: Port device team_slave_0 added [ 47.197455][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.199594][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.208386][ T5975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.212355][ T5967] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.214656][ T5967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.222868][ T5967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.228920][ T5979] team0: Port device team_slave_1 added [ 47.289713][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.292775][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.303730][ T5975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.308729][ T5967] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.311674][ T5967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.320994][ T5967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.353592][ T5971] hsr_slave_0: entered promiscuous mode [ 47.356626][ T5971] hsr_slave_1: entered promiscuous mode [ 47.366068][ T5979] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.368307][ T5979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.377372][ T5979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.382741][ T5979] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.384889][ T5979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.392947][ T5979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.477304][ T5967] hsr_slave_0: entered promiscuous mode [ 47.480498][ T5967] hsr_slave_1: entered promiscuous mode [ 47.483754][ T5967] debugfs: 'hsr0' already exists in 'hsr' [ 47.486230][ T5967] Cannot create hsr debugfs directory [ 47.506383][ T5975] hsr_slave_0: entered promiscuous mode [ 47.508656][ T5975] hsr_slave_1: entered promiscuous mode [ 47.510847][ T5975] debugfs: 'hsr0' already exists in 'hsr' [ 47.513847][ T5975] Cannot create hsr debugfs directory [ 47.636878][ T5979] hsr_slave_0: entered promiscuous mode [ 47.639044][ T5979] hsr_slave_1: entered promiscuous mode [ 47.641037][ T5979] debugfs: 'hsr0' already exists in 'hsr' [ 47.643106][ T5979] Cannot create hsr debugfs directory [ 47.893071][ T5971] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.899909][ T5971] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.905085][ T5971] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.913762][ T5971] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.922444][ T5974] Bluetooth: hci0: command tx timeout [ 47.922450][ T63] Bluetooth: hci1: command tx timeout [ 47.947495][ T5975] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.952420][ T5975] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.960843][ T5975] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.965870][ T5975] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 48.011956][ T5974] Bluetooth: hci2: command tx timeout [ 48.013158][ T63] Bluetooth: hci3: command tx timeout [ 48.015028][ T5979] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 48.021204][ T5979] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 48.026813][ T5979] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 48.044454][ T5979] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 48.089592][ T5967] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 48.094013][ T5967] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 48.098446][ T5967] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 48.102295][ T5967] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 48.120992][ T5971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.156334][ T5971] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.162368][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.164746][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.188788][ T89] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.191953][ T89] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.197072][ T5975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.225431][ T5975] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.239993][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.242473][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.246523][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.248746][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.275395][ T5967] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.297488][ T5979] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.317147][ T5967] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.338062][ T5979] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.342326][ T89] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.344684][ T89] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.353420][ T89] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.357009][ T89] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.360139][ T40] audit: type=1400 audit(1757553903.747:89): avc: denied { sys_module } for pid=5971 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 48.370423][ T89] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.372729][ T89] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.396168][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.398991][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.470390][ T5971] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.489703][ T5975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.519963][ T5971] veth0_vlan: entered promiscuous mode [ 48.530284][ T5971] veth1_vlan: entered promiscuous mode [ 48.539707][ T5975] veth0_vlan: entered promiscuous mode [ 48.552615][ T5975] veth1_vlan: entered promiscuous mode [ 48.566441][ T5967] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.570542][ T5979] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.585931][ T5971] veth0_macvtap: entered promiscuous mode [ 48.595517][ T5971] veth1_macvtap: entered promiscuous mode [ 48.609831][ T5975] veth0_macvtap: entered promiscuous mode [ 48.618678][ T5975] veth1_macvtap: entered promiscuous mode [ 48.627859][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.650262][ T5971] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.656319][ T5967] veth0_vlan: entered promiscuous mode [ 48.672415][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.677385][ T1145] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.680461][ T1145] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.687848][ T5967] veth1_vlan: entered promiscuous mode [ 48.694100][ T1145] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.697806][ T1145] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.702232][ T5979] veth0_vlan: entered promiscuous mode [ 48.710043][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.723155][ T5979] veth1_vlan: entered promiscuous mode [ 48.729563][ T1144] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.733139][ T1144] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.742312][ T1144] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.756352][ T89] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.786760][ T5967] veth0_macvtap: entered promiscuous mode [ 48.787278][ T89] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.791162][ T89] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.794809][ T5979] veth0_macvtap: entered promiscuous mode [ 48.801133][ T5967] veth1_macvtap: entered promiscuous mode [ 48.804463][ T5979] veth1_macvtap: entered promiscuous mode [ 48.817592][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.820452][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.838212][ T5967] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.846539][ T5967] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.850869][ T5979] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.861362][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.863910][ T59] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.865079][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.868930][ T5979] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.878597][ T59] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.880706][ T5971] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.882132][ T59] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.901565][ T59] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.905121][ T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.908242][ T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.920233][ T6055] netlink: 'syz.2.3': attribute type 11 has an invalid length. [ 48.920559][ T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.923347][ T6055] netlink: 'syz.2.3': attribute type 4 has an invalid length. [ 48.927573][ T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.930072][ T6055] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3'. [ 48.943982][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.948793][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.994239][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.001199][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.020711][ T6060] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1'. [ 49.024164][ T6060] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1'. [ 49.025414][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.029617][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.116825][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.119493][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.128835][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.133047][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.164221][ T6060] Zero length message leads to an empty skb [ 49.226293][ T6072] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7'. [ 49.235902][ T6072] netlink: 'syz.0.7': attribute type 10 has an invalid length. [ 49.239267][ T6072] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 49.244028][ T6072] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 49.265072][ T6076] syz.3.8 uses obsolete (PF_INET,SOCK_PACKET) [ 49.359086][ T6092] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 49.528425][ T6105] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14'. [ 49.550446][ T6107] netlink: 'syz.0.15': attribute type 21 has an invalid length. [ 49.552867][ T6107] IPv6: NLM_F_CREATE should be specified when creating new route [ 49.594542][ T6109] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16'. [ 49.597277][ T6109] netlink: 12 bytes leftover after parsing attributes in process `syz.0.16'. [ 49.600163][ T6109] netlink: 'syz.0.16': attribute type 19 has an invalid length. [ 49.634672][ T6114] futex_wake_op: syz.0.17 tries to shift op by -1; fix this program [ 49.641205][ T6116] process 'syz.0.17' launched '/dev/fd/3' with NULL argv: empty string added [ 49.756924][ T6120] program syz.0.19 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 49.759629][ T6120] ata1.00: invalid transfer count 0 [ 50.002478][ T63] Bluetooth: hci1: command tx timeout [ 50.004619][ T63] Bluetooth: hci0: command tx timeout [ 50.081588][ T5974] Bluetooth: hci3: command tx timeout [ 50.092207][ T5974] Bluetooth: hci2: command tx timeout [ 50.243069][ T6157] netlink: 12 bytes leftover after parsing attributes in process `syz.2.30'. [ 50.322800][ T6163] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 50.380437][ T6170] netlink: 36 bytes leftover after parsing attributes in process `syz.2.35'. [ 50.658782][ T40] kauditd_printk_skb: 110 callbacks suppressed [ 50.658793][ T40] audit: type=1400 audit(1757553906.047:200): avc: denied { read write } for pid=6179 comm="syz.2.38" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 50.668408][ T40] audit: type=1400 audit(1757553906.047:201): avc: denied { open } for pid=6179 comm="syz.2.38" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 50.676680][ T40] audit: type=1400 audit(1757553906.047:202): avc: denied { read } for pid=6179 comm="syz.2.38" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 50.684598][ T40] audit: type=1400 audit(1757553906.047:203): avc: denied { open } for pid=6179 comm="syz.2.38" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 50.692899][ T40] audit: type=1400 audit(1757553906.047:204): avc: denied { ioctl } for pid=6179 comm="syz.2.38" path="/dev/ppp" dev="devtmpfs" ino=730 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 50.704144][ T40] audit: type=1400 audit(1757553906.067:205): avc: denied { name_bind } for pid=6184 comm="syz.0.39" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 50.711266][ T40] audit: type=1400 audit(1757553906.067:206): avc: denied { node_bind } for pid=6184 comm="syz.0.39" saddr=::ffff:172.20.20.46 src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 50.719013][ T40] audit: type=1400 audit(1757553906.087:207): avc: denied { connect } for pid=6186 comm="syz.2.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 50.759081][ T40] audit: type=1400 audit(1757553906.147:208): avc: denied { create } for pid=6199 comm="syz.0.43" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 50.767264][ T40] audit: type=1400 audit(1757553906.147:209): avc: denied { ioctl } for pid=6199 comm="syz.0.43" path="socket:[10505]" dev="sockfs" ino=10505 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 50.792592][ T6202] nft_compat: unsupported protocol 0 [ 50.867783][ T6213] ip6tnl2: entered promiscuous mode [ 50.869455][ T6213] ip6tnl2: entered allmulticast mode [ 50.950299][ T6220] Bluetooth: MGMT ver 1.23 [ 50.960565][ T6224] SELinux: syz.1.50 (6224) set checkreqprot to 1. This is no longer supported. [ 50.971686][ T6224] tmpfs: Bad value for 'mpol' [ 51.055243][ T6231] binder: 6227:6231 ioctl c0046209 9999999999999999 returned -22 [ 51.058946][ T6231] SELinux: policydb table sizes (4,0) do not match mine (8,7) [ 51.062321][ T6231] SELinux: failed to load policy [ 51.206924][ T6240] netlink: 104 bytes leftover after parsing attributes in process `syz.3.56'. [ 51.575626][ T6258] netlink: 'syz.0.62': attribute type 1 has an invalid length. [ 51.707170][ T6266] bridge1: entered allmulticast mode [ 51.804903][ T6274] Illegal XDP return value 4294967274 on prog (id 7) dev syz_tun, expect packet loss! [ 52.006516][ T6283] loop8: detected capacity change from 0 to 530 [ 52.011660][ T5968] loop8: [CUMANA/ADFS] p1 [ADFS] p1 [ 52.014075][ T5968] loop8: partition table partially beyond EOD, truncated [ 52.017877][ T5968] loop8: p1 size 2479356556 extends beyond EOD, truncated [ 52.027258][ T6283] loop8: [CUMANA/ADFS] p1 [ADFS] p1 [ 52.029023][ T6283] loop8: partition table partially beyond EOD, truncated [ 52.033245][ T6283] loop8: p1 size 2479356556 extends beyond EOD, truncated [ 52.071441][ T5968] udevd[5968]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 52.082161][ T5974] Bluetooth: hci0: command tx timeout [ 52.082188][ T63] Bluetooth: hci1: command tx timeout [ 52.083748][ T5968] udevd[5968]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 52.171400][ T63] Bluetooth: hci2: command tx timeout [ 52.171954][ T5974] Bluetooth: hci3: command tx timeout [ 52.201374][ T61] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 52.214560][ T6300] macvlan0: entered promiscuous mode [ 52.216362][ T6300] macvlan0: entered allmulticast mode [ 52.218093][ T6300] veth1_vlan: entered allmulticast mode [ 52.225711][ T6300] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 52.250819][ T6300] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 52.343567][ T6303] hugetlbfs: Unknown parameter '66£tQ\oþsjÛ¼size' [ 52.366030][ T6268] veth0: entered promiscuous mode [ 52.372608][ T6267] veth0: left promiscuous mode [ 52.375031][ T61] usb 5-1: unable to get BOS descriptor or descriptor too short [ 52.378567][ T6305] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0) [ 52.381177][ T61] usb 5-1: no configurations [ 52.384325][ T61] usb 5-1: can't read configurations, error -22 [ 52.389057][ T6308] netlink: 'syz.1.80': attribute type 1 has an invalid length. [ 52.402352][ T6309] overlayfs: failed to resolve './file0': -2 [ 52.516658][ T6329] netdevsim netdevsim2: Direct firmware load for þ failed with error -2 [ 52.519788][ T6329] netdevsim netdevsim2: Falling back to sysfs fallback for: þ [ 52.544340][ T6326] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 52.922002][ T3333] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 53.082670][ T3333] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 53.085905][ T3333] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 53.088764][ T3333] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.093710][ T3333] usb 8-1: config 0 descriptor?? [ 53.098383][ T3333] usbhid 8-1:0.0: couldn't find an input interrupt endpoint [ 53.123228][ T1153] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.179682][ T1153] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.258805][ T1153] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.301956][ T1025] usb 8-1: USB disconnect, device number 2 [ 53.311026][ T63] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.315050][ T63] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.318746][ T63] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.321501][ T63] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.324152][ T63] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.333807][ T1153] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.456070][ T1153] bridge_slave_1: left allmulticast mode [ 53.459789][ T1153] bridge_slave_1: left promiscuous mode [ 53.462746][ T1153] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.469554][ T1153] bridge_slave_0: left allmulticast mode [ 53.472798][ T1153] bridge_slave_0: left promiscuous mode [ 53.475100][ T1153] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.728237][ T6372] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.742256][ T1153] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 53.747516][ T1153] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 53.751564][ T1153] bond0 (unregistering): Released all slaves [ 53.759734][ T6349] chnl_net:caif_netlink_parms(): no params data found [ 53.764065][ T6370] warning: `syz.1.98' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 53.780145][ T6375] capability: warning: `syz.2.99' uses deprecated v2 capabilities in a way that may be insecure [ 53.792303][ T6370] SELinux: Context system_u:object_r:initrc_var_run_t:s0 is not valid (left unmapped). [ 53.874461][ T6349] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.876546][ T6349] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.878583][ T6349] bridge_slave_0: entered allmulticast mode [ 53.880981][ T6349] bridge_slave_0: entered promiscuous mode [ 53.884337][ T6349] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.886603][ T6349] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.888846][ T6349] bridge_slave_1: entered allmulticast mode [ 53.891724][ T6349] bridge_slave_1: entered promiscuous mode [ 53.926078][ T6349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.932076][ T6349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.984410][ T6349] team0: Port device team_slave_0 added [ 54.004819][ T6349] team0: Port device team_slave_1 added [ 54.138336][ T6349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.151297][ T6349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.161882][ T5974] Bluetooth: hci0: command tx timeout [ 54.169314][ T6349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.172727][ T5974] Bluetooth: hci1: command tx timeout [ 54.200126][ T6349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.202430][ T6349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.220546][ T6349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.241717][ T5974] Bluetooth: hci3: command tx timeout [ 54.246312][ T1153] hsr_slave_0: left promiscuous mode [ 54.248945][ T1153] hsr_slave_1: left promiscuous mode [ 54.251003][ T1153] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 54.254108][ T1153] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 54.257164][ T1153] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 54.259538][ T1153] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 54.291820][ T1153] veth1_macvtap: left promiscuous mode [ 54.293828][ T1153] veth0_macvtap: left promiscuous mode [ 54.295616][ T1153] veth1_vlan: left promiscuous mode [ 54.297311][ T1153] veth0_vlan: left promiscuous mode [ 54.525229][ T6408] __nla_validate_parse: 11 callbacks suppressed [ 54.525240][ T6408] netlink: 36 bytes leftover after parsing attributes in process `syz.1.103'. [ 54.761341][ T1153] team0 (unregistering): Port device team_slave_1 removed [ 54.806328][ T1153] team0 (unregistering): Port device team_slave_0 removed [ 54.877539][ T6411] overlayfs: invalid origin (0000) [ 54.967803][ T6419] nfs4: Unknown parameter 'PVS' [ 55.038470][ T6421] futex_wake_op: syz.2.107 tries to shift op by 32; fix this program [ 55.197261][ T6424] netlink: 8 bytes leftover after parsing attributes in process `syz.1.108'. [ 55.227145][ T6432] MTD: Couldn't look up './file0': -15 [ 55.229216][ T6432] ./file0: Can't lookup blockdev [ 55.243270][ T6349] hsr_slave_0: entered promiscuous mode [ 55.245588][ T6349] hsr_slave_1: entered promiscuous mode [ 55.248138][ T6349] debugfs: 'hsr0' already exists in 'hsr' [ 55.250002][ T6349] Cannot create hsr debugfs directory [ 55.310559][ T6446] trusted_key: syz.1.114 sent an empty control message without MSG_MORE. [ 55.342507][ T6450] tmpfs: Bad value for 'huge' [ 55.361382][ T5974] Bluetooth: hci2: command tx timeout [ 55.386519][ T6455] 9pnet: p9_errstr2errno: server reported unknown error 00000000000000000005 [ 55.424313][ T6349] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 55.433379][ T6349] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 55.439863][ T6349] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 55.448743][ T6349] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 55.514948][ T6349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.523231][ T6349] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.530024][ T89] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.532388][ T89] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.538980][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.541278][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.544408][ T6482] sch_fq: defrate 0 ignored. [ 55.546873][ T6482] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 55.650513][ T6486] kAFS: unable to lookup cell '/,c¾ûL' [ 55.678759][ T6349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.688520][ T6501] tipc: Started in network mode [ 55.690333][ T6501] tipc: Node identity ac14140f, cluster identity 4711 [ 55.696303][ T6501] tipc: New replicast peer: 255.255.255.255 [ 55.699075][ T6501] tipc: Enabled bearer , priority 10 [ 55.705242][ T40] kauditd_printk_skb: 107 callbacks suppressed [ 55.705251][ T40] audit: type=1400 audit(1757553911.103:317): avc: denied { nlmsg_read } for pid=6500 comm="syz.1.125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 55.726567][ T6497] kvm: pic: non byte write [ 55.740591][ T6501] binder: 6500:6501 ioctl 4018620d 0 returned -22 [ 55.773363][ T40] audit: type=1400 audit(1757553911.173:318): avc: denied { mount } for pid=6510 comm="syz.1.126" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 55.781100][ T40] audit: type=1400 audit(1757553911.173:319): avc: denied { unmount } for pid=5967 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 55.804941][ T40] audit: type=1400 audit(1757553911.203:320): avc: denied { name_connect } for pid=6516 comm="syz.1.127" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 55.805368][ T6349] veth0_vlan: entered promiscuous mode [ 55.816388][ T6349] veth1_vlan: entered promiscuous mode [ 55.830421][ T6349] veth0_macvtap: entered promiscuous mode [ 55.834704][ T6349] veth1_macvtap: entered promiscuous mode [ 55.836010][ T40] audit: type=1400 audit(1757553911.233:321): avc: denied { create } for pid=6518 comm="syz.2.128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 55.844592][ T6349] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.848425][ T40] audit: type=1400 audit(1757553911.243:322): avc: denied { write } for pid=6518 comm="syz.2.128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 55.849988][ T6349] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.856555][ T40] audit: type=1400 audit(1757553911.253:323): avc: denied { getopt } for pid=6516 comm="syz.1.127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 55.861752][ T89] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.863142][ T40] audit: type=1400 audit(1757553911.253:324): avc: denied { listen } for pid=6516 comm="syz.1.127" lport=57151 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 55.865686][ T89] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.876512][ T89] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.879337][ T89] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.894133][ T40] audit: type=1400 audit(1757553911.293:325): avc: denied { read } for pid=6523 comm="syz.2.129" name="usbmon2" dev="devtmpfs" ino=743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 55.900654][ T40] audit: type=1400 audit(1757553911.293:326): avc: denied { open } for pid=6523 comm="syz.2.129" path="/dev/usbmon2" dev="devtmpfs" ino=743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 55.930659][ T89] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.933748][ T89] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.952416][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.954953][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.015734][ T6534] netlink: 304 bytes leftover after parsing attributes in process `syz.4.94'. [ 56.020739][ T6534] block nbd4: Attempted send on invalid socket [ 56.023435][ T6534] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 56.026938][ T6534] befs: (nbd4): unable to read superblock [ 56.032500][ T6541] sg_write: data in/out 10438218/1 bytes for SCSI command 0x6b-- guessing data in; [ 56.032500][ T6541] program syz.2.132 not setting count and/or reply_len properly [ 56.065417][ T6543] bond1: entered promiscuous mode [ 56.067589][ T6546] netlink: 36 bytes leftover after parsing attributes in process `syz.2.134'. [ 56.161332][ T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 56.332788][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 56.358194][ T10] usb 6-1: config index 0 descriptor too short (expected 35577, got 27) [ 56.365199][ T10] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 56.368991][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 56.374647][ T10] usb 6-1: config 1 has no interface number 0 [ 56.377992][ T10] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 56.387699][ T10] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 56.402376][ T10] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 56.408775][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.428390][ T6580] netlink: 'syz.4.142': attribute type 2 has an invalid length. [ 56.432743][ T6580] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.142'. [ 56.438134][ T6580] nbd: must specify a device to reconfigure [ 56.474801][ T10] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found [ 56.533296][ T6582] netlink: 12 bytes leftover after parsing attributes in process `syz.3.143'. [ 56.695187][ T9] tipc: Node number set to 2886997007 [ 56.734710][ T6596] netlink: 36 bytes leftover after parsing attributes in process `syz.4.148'. [ 56.843110][ T6605] overlayfs: conflicting options: userxattr,metacopy=on [ 56.846425][ T6605] overlay: Unknown parameter 'dont_hash' [ 56.951261][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 57.079714][ T6609] ======================================================= [ 57.079714][ T6609] WARNING: The mand mount option has been deprecated and [ 57.079714][ T6609] and is ignored by this kernel. Remove the mand [ 57.079714][ T6609] option from the mount to silence this warning. [ 57.079714][ T6609] ======================================================= [ 57.089304][ T6609] new mount options do not match the existing superblock, will be ignored [ 57.093853][ T6609] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 57.441300][ T5974] Bluetooth: hci2: command tx timeout [ 57.836679][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 57.844082][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 57.852215][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 57.872177][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 57.959892][ T6634] netlink: 8 bytes leftover after parsing attributes in process `syz.3.159'. [ 57.969742][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 58.061274][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 58.101288][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 58.108085][ T5974] Bluetooth: hci1: unexpected event 0x06 length: 4 > 3 [ 58.116494][ T6637] mmap: syz.3.160 (6637) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 58.144118][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 58.325190][ T6647] netlink: 4 bytes leftover after parsing attributes in process `syz.2.162'. [ 58.441276][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 58.990993][ T10] snd_usb_pod 6-1:1.1: set_interface failed [ 58.993405][ T10] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected [ 58.995761][ T10] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 58.999773][ T10] usb 6-1: USB disconnect, device number 2 [ 59.471327][ T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 59.531351][ T5974] Bluetooth: hci2: command tx timeout [ 59.631419][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 59.636153][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 59.641627][ T10] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 59.645431][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.652731][ T10] usb 6-1: config 0 descriptor?? [ 59.679792][ T6674] netlink: 'syz.4.171': attribute type 10 has an invalid length. [ 59.683145][ T6674] macvlan0: entered promiscuous mode [ 59.690800][ T6674] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 60.065090][ T10] corsair 0003:1B1C:1B09.0002: item fetching failed at offset 10/11 [ 60.068567][ T10] corsair 0003:1B1C:1B09.0002: parse failed [ 60.070499][ T10] corsair 0003:1B1C:1B09.0002: probe with driver corsair failed with error -22 [ 60.187730][ T6686] netlink: 4 bytes leftover after parsing attributes in process `syz.3.175'. [ 60.190577][ T6686] netlink: 12 bytes leftover after parsing attributes in process `syz.3.175'. [ 60.280562][ T10] usb 6-1: USB disconnect, device number 3 [ 60.461455][ T6053] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 60.636856][ T6053] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 60.639354][ T6053] usb 8-1: config 0 has no interface number 0 [ 60.643264][ T6053] usb 8-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 60.646037][ T6053] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.648514][ T6053] usb 8-1: Product: syz [ 60.650099][ T6053] usb 8-1: Manufacturer: syz [ 60.651954][ T6053] usb 8-1: SerialNumber: syz [ 60.680880][ T6053] usb 8-1: config 0 descriptor?? [ 60.837669][ T40] kauditd_printk_skb: 54 callbacks suppressed [ 60.837680][ T40] audit: type=1400 audit(1757553916.233:381): avc: denied { create } for pid=6698 comm="syz.2.180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 60.930572][ T29] IPVS: starting estimator thread 0... [ 60.943606][ T40] audit: type=1400 audit(1757553916.343:382): avc: denied { create } for pid=6687 comm="syz.3.176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 60.949626][ T40] audit: type=1400 audit(1757553916.343:383): avc: denied { connect } for pid=6687 comm="syz.3.176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 61.025216][ T6700] IPVS: using max 46 ests per chain, 110400 per kthread [ 61.059034][ T6711] ptrace attach of "/syz-executor exec"[6712] was attempted by "/syz-executor exec"[6711] [ 61.063656][ T6711] ptrace attach of "/syz-executor exec"[6712] was attempted by "/syz-executor exec"[6711] [ 61.177405][ T6717] program syz.1.182 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 61.597870][ T40] audit: type=1400 audit(1757553916.993:384): avc: denied { ioctl } for pid=6715 comm="syz.2.184" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=13554 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 61.602695][ T63] Bluetooth: hci2: command tx timeout [ 62.408710][ T40] audit: type=1400 audit(1757553917.803:385): avc: denied { ioctl } for pid=6743 comm="syz.4.188" path="socket:[13555]" dev="sockfs" ino=13555 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 62.426767][ T6053] dvb_usb_ec168 8-1:0.1: probe with driver dvb_usb_ec168 failed with error -110 [ 62.465482][ T40] audit: type=1400 audit(1757553917.803:386): avc: denied { setopt } for pid=6743 comm="syz.4.188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 62.474972][ T40] audit: type=1400 audit(1757553917.803:387): avc: denied { bind } for pid=6743 comm="syz.4.188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 62.663662][ T29] usb 8-1: USB disconnect, device number 3 [ 62.786546][ T40] audit: type=1400 audit(1757553918.183:388): avc: denied { connect } for pid=6776 comm="syz.1.194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.792040][ T6778] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input6 [ 62.804208][ T40] audit: type=1400 audit(1757553918.203:389): avc: denied { read } for pid=5366 comm="acpid" name="event4" dev="devtmpfs" ino=2857 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 62.811672][ T40] audit: type=1400 audit(1757553918.203:390): avc: denied { open } for pid=5366 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2857 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 62.881793][ T5974] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 62.910465][ T63] Bluetooth: hci0: command 0x0c1a tx timeout [ 63.011390][ T60] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 63.161662][ T60] usb 9-1: Using ep0 maxpacket: 16 [ 63.170463][ T60] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 63.175567][ T60] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 63.179951][ T60] usb 9-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 63.184069][ T60] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.205671][ T60] usb 9-1: config 0 descriptor?? [ 63.623368][ T60] magicmouse 0003:05AC:0265.0003: hidraw1: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.4-1/input0 [ 63.818241][ T29] usb 9-1: USB disconnect, device number 2 [ 63.976352][ T6802] ubi31: attaching mtd0 [ 63.980186][ T6802] ubi31: scanning is finished [ 63.983220][ T6802] ubi31: empty MTD device detected [ 64.075099][ T6802] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 64.077969][ T6802] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 64.080207][ T6802] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 64.084126][ T6802] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 64.086791][ T6802] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 64.089076][ T6802] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 64.091707][ T6802] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3544096571 [ 64.094849][ T6802] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 64.100617][ T6804] ubi31: background thread "ubi_bgt31d" started, PID 6804 [ 64.843105][ C1] vkms_vblank_simulate: vblank timer overrun [ 65.685141][ T6825] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.207'. [ 65.689578][ T6820] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.207'. [ 68.391376][ T3333] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 68.911286][ T3333] usb 9-1: Using ep0 maxpacket: 8 [ 69.046319][ T3333] usb 9-1: config index 0 descriptor too short (expected 30, got 18) [ 69.050522][ T3333] usb 9-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 69.054672][ T3333] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.057305][ T3333] usb 9-1: Product: syz [ 69.058637][ T3333] usb 9-1: Manufacturer: syz [ 69.060185][ T3333] usb 9-1: SerialNumber: syz [ 69.068022][ T3333] usb 9-1: config 0 descriptor?? [ 69.073030][ T3333] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 69.075600][ T3333] usb 9-1: setting power ON [ 69.077289][ T3333] dvb-usb: bulk message failed: -22 (2/0) [ 69.081700][ T3333] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 69.085344][ T3333] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 69.088064][ T3333] usb 9-1: media controller created [ 69.097150][ T3333] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 69.107133][ T3333] usb 9-1: selecting invalid altsetting 6 [ 69.109064][ T3333] usb 9-1: digital interface selection failed (-22) [ 69.111177][ T3333] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 69.114613][ T3333] usb 9-1: setting power OFF [ 69.116206][ T3333] dvb-usb: bulk message failed: -22 (2/0) [ 69.118068][ T3333] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 69.120973][ T3333] (NULL device *): no alternate interface [ 69.134598][ T3333] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 69.313978][ T10] usb 9-1: USB disconnect, device number 3 [ 69.870619][ T6890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.218'. [ 69.873779][ T6890] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 69.876229][ T6890] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 70.557619][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 70.557629][ T40] audit: type=1400 audit(1757553925.953:399): avc: denied { name_connect } for pid=6899 comm="syz.2.222" dest=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 71.125555][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.128399][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.347685][ T40] audit: type=1400 audit(1757553926.743:400): avc: denied { create } for pid=6914 comm="syz.1.226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 72.009437][ T40] audit: type=1400 audit(1757553927.403:401): avc: denied { mounton } for pid=6918 comm="syz.2.227" path="/proc/254/task" dev="proc" ino=13683 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 72.202221][ T40] audit: type=1400 audit(1757553927.603:402): avc: denied { create } for pid=6920 comm="syz.1.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 72.208433][ T40] audit: type=1400 audit(1757553927.603:403): avc: denied { connect } for pid=6920 comm="syz.1.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 72.492075][ T9] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 72.571644][ T6940] veth1_macvtap: left promiscuous mode [ 72.573426][ T6940] macsec0: entered promiscuous mode [ 72.575053][ T6940] macsec0: entered allmulticast mode [ 72.579164][ T6940] veth1_macvtap: entered promiscuous mode [ 72.580980][ T6940] veth1_macvtap: entered allmulticast mode [ 72.583323][ T6940] macsec0: left promiscuous mode [ 72.584966][ T6940] macsec0: left allmulticast mode [ 72.586552][ T6940] veth1_macvtap: left allmulticast mode [ 72.913117][ T9] usb 7-1: config 0 has an invalid interface number: 128 but max is 0 [ 72.916269][ T9] usb 7-1: config 0 has no interface number 0 [ 72.920081][ T9] usb 7-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 72.926138][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.930458][ T9] usb 7-1: Product: syz [ 72.933490][ T9] usb 7-1: Manufacturer: syz [ 72.940716][ T9] usb 7-1: SerialNumber: syz [ 72.975388][ T9] usb 7-1: config 0 descriptor?? [ 73.286626][ T40] audit: type=1400 audit(1757553928.683:404): avc: denied { bind } for pid=6943 comm="syz.3.237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 73.293294][ T40] audit: type=1400 audit(1757553928.683:405): avc: denied { listen } for pid=6943 comm="syz.3.237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 73.299688][ T40] audit: type=1400 audit(1757553928.683:406): avc: denied { accept } for pid=6943 comm="syz.3.237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 73.396065][ T9] usb 7-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 73.398567][ T9] usb 7-1: Firmware version (0.0) predates our first public release. [ 73.401038][ T9] usb 7-1: Please update to version 0.2 or newer [ 73.564254][ T40] audit: type=1400 audit(1757553928.953:407): avc: denied { create } for pid=6948 comm="syz.4.238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 73.656112][ T9] usb 7-1: USB disconnect, device number 2 [ 73.758622][ T6966] netlink: 36 bytes leftover after parsing attributes in process `syz.1.242'. [ 73.818650][ T40] audit: type=1400 audit(1757553929.213:408): avc: denied { create } for pid=6967 comm="syz.4.243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 74.722202][ T9] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 74.883005][ T9] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 74.886425][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.889876][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.892966][ T9] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 74.897748][ T9] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 74.900520][ T9] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 74.903230][ T9] usb 9-1: Manufacturer: syz [ 74.906777][ T9] usb 9-1: config 0 descriptor?? [ 75.031505][ T6035] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 75.184409][ T6035] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 75.187273][ T6035] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.189748][ T6035] usb 6-1: Product: syz [ 75.191100][ T6035] usb 6-1: Manufacturer: syz [ 75.192637][ T6035] usb 6-1: SerialNumber: syz [ 75.197760][ T6035] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 75.214503][ T6035] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 75.318346][ T9] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 75.324969][ T9] appleir 0003:05AC:8243.0004: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 75.361356][ T6034] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 75.523432][ T6034] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.527892][ T6034] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.532008][ T6034] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 75.537299][ T6034] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 75.541015][ T6034] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.546627][ T6034] usb 7-1: config 0 descriptor?? [ 75.583662][ T29] usb 9-1: USB disconnect, device number 4 [ 75.628928][ T6994] usb 6-1: USB disconnect, device number 4 [ 75.958452][ T6034] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 76.214448][ T6877] usb 7-1: USB disconnect, device number 3 [ 76.481346][ T6035] usb 6-1: Service connection timeout for: 256 [ 76.483687][ T6035] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services [ 76.487781][ T6035] ath9k_htc: Failed to initialize the device [ 76.742374][ T6994] usb 6-1: ath9k_htc: USB layer deinitialized [ 77.163487][ T7016] tmpfs: Bad value for 'mpol' [ 77.559837][ T7006] syz.1.256 (7006): drop_caches: 2 [ 77.674462][ T7026] loop7: detected capacity change from 0 to 7 [ 77.695655][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 77.695667][ T40] audit: type=1400 audit(1757553933.093:412): avc: denied { connect } for pid=7027 comm="syz.1.262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 77.713634][ T40] audit: type=1400 audit(1757553933.103:413): avc: denied { append } for pid=7027 comm="syz.1.262" name="renderD128" dev="devtmpfs" ino=634 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 77.726851][ T40] audit: type=1400 audit(1757553933.123:414): avc: denied { setopt } for pid=7025 comm="syz.2.261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 78.053222][ T7026] Dev loop7: unable to read RDB block 7 [ 78.055264][ T7026] loop7: unable to read partition table [ 78.057632][ T7026] loop7: partition table beyond EOD, truncated [ 78.060164][ T7026] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 78.230802][ T40] audit: type=1400 audit(1757553933.623:415): avc: denied { mount } for pid=7033 comm="syz.3.264" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 78.257337][ T40] audit: type=1400 audit(1757553933.653:416): avc: denied { remount } for pid=7033 comm="syz.3.264" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 78.293079][ T40] audit: type=1400 audit(1757553933.693:417): avc: denied { accept } for pid=7033 comm="syz.3.264" lport=32951 faddr=::ffff:172.20.255.187 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 78.304533][ T40] audit: type=1400 audit(1757553933.703:418): avc: denied { write } for pid=7033 comm="syz.3.264" lport=32951 faddr=::ffff:172.20.255.187 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 78.314138][ T40] audit: type=1400 audit(1757553933.713:419): avc: denied { setopt } for pid=7033 comm="syz.3.264" lport=32951 faddr=::ffff:172.20.255.187 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 78.527163][ T7045] netlink: 'syz.4.266': attribute type 8 has an invalid length. [ 79.018619][ T40] audit: type=1400 audit(1757553934.403:420): avc: denied { unmount } for pid=5979 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 79.263954][ T40] audit: type=1400 audit(1757553934.663:421): avc: denied { unmount } for pid=5979 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 79.316033][ T7061] netlink: 8 bytes leftover after parsing attributes in process `syz.3.271'. [ 79.455486][ T7072] syz_tun: entered allmulticast mode [ 79.657165][ T7075] dvmrp8: entered allmulticast mode [ 79.731369][ T5974] Bluetooth: hci3: connection err: -111 [ 80.713500][ T7089] netlink: 8 bytes leftover after parsing attributes in process `syz.2.281'. [ 80.815452][ T7092] netlink: 12 bytes leftover after parsing attributes in process `syz.4.282'. [ 81.590741][ T53] cfg80211: failed to load regulatory.db [ 81.635645][ T5974] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 81.638689][ T5974] CPU: 3 UID: 0 PID: 5974 Comm: kworker/u33:4 Not tainted syzkaller #0 PREEMPT(full) [ 81.638705][ T5974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.638712][ T5974] Workqueue: hci3 hci_rx_work [ 81.638729][ T5974] Call Trace: [ 81.638734][ T5974] [ 81.638739][ T5974] dump_stack_lvl+0x16c/0x1f0 [ 81.638756][ T5974] sysfs_warn_dup+0x7f/0xa0 [ 81.638771][ T5974] sysfs_create_dir_ns+0x24b/0x2b0 [ 81.638784][ T5974] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 81.638797][ T5974] ? find_held_lock+0x2b/0x80 [ 81.638814][ T5974] ? do_raw_spin_unlock+0x172/0x230 [ 81.638826][ T5974] kobject_add_internal+0x2c4/0x9b0 [ 81.638843][ T5974] kobject_add+0x16e/0x240 [ 81.638857][ T5974] ? __pfx_kobject_add+0x10/0x10 [ 81.638872][ T5974] ? do_raw_spin_unlock+0x172/0x230 [ 81.638884][ T5974] ? kobject_put+0xab/0x5a0 [ 81.638902][ T5974] device_add+0x288/0x1aa0 [ 81.638917][ T5974] ? __pfx_dev_set_name+0x10/0x10 [ 81.638927][ T5974] ? __pfx_device_add+0x10/0x10 [ 81.638942][ T5974] ? mgmt_send_event_skb+0x2fb/0x460 [ 81.638956][ T5974] hci_conn_add_sysfs+0x17e/0x230 [ 81.638969][ T5974] le_conn_complete_evt+0x1075/0x1d70 [ 81.638980][ T5974] ? preempt_count_sub+0xb0/0x160 [ 81.638995][ T5974] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 81.639006][ T5974] ? hci_event_packet+0x459/0x11c0 [ 81.639020][ T5974] hci_le_conn_complete_evt+0x23c/0x370 [ 81.639034][ T5974] hci_le_meta_evt+0x354/0x5e0 [ 81.639045][ T5974] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 81.639058][ T5974] hci_event_packet+0x682/0x11c0 [ 81.639068][ T5974] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 81.639080][ T5974] ? __pfx_hci_event_packet+0x10/0x10 [ 81.639092][ T5974] ? kcov_remote_start+0x3c9/0x6d0 [ 81.639104][ T5974] ? lockdep_hardirqs_on+0x7c/0x110 [ 81.639121][ T5974] hci_rx_work+0x2c5/0x16b0 [ 81.639133][ T5974] ? rcu_is_watching+0x12/0xc0 [ 81.639147][ T5974] process_one_work+0x9cc/0x1b70 [ 81.639164][ T5974] ? __pfx_process_one_work+0x10/0x10 [ 81.639179][ T5974] ? assign_work+0x1a0/0x250 [ 81.639191][ T5974] worker_thread+0x6c8/0xf10 [ 81.639206][ T5974] ? __kthread_parkme+0x19e/0x250 [ 81.639221][ T5974] ? __pfx_worker_thread+0x10/0x10 [ 81.639232][ T5974] kthread+0x3c2/0x780 [ 81.639242][ T5974] ? __pfx_kthread+0x10/0x10 [ 81.639252][ T5974] ? rcu_is_watching+0x12/0xc0 [ 81.639264][ T5974] ? __pfx_kthread+0x10/0x10 [ 81.639275][ T5974] ret_from_fork+0x5d4/0x6f0 [ 81.639284][ T5974] ? __pfx_kthread+0x10/0x10 [ 81.639294][ T5974] ret_from_fork_asm+0x1a/0x30 [ 81.639313][ T5974] [ 81.639327][ T5974] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 81.723846][ T5974] Bluetooth: hci3: failed to register connection device [ 81.992114][ T9] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 82.151345][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 82.157100][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 82.162202][ T9] usb 8-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 82.165898][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.169563][ T9] usb 8-1: Product: syz [ 82.170890][ T9] usb 8-1: Manufacturer: syz [ 82.172690][ T9] usb 8-1: SerialNumber: syz [ 82.180532][ T9] usb 8-1: config 0 descriptor?? [ 82.185561][ T9] hub 8-1:0.0: bad descriptor, ignoring hub [ 82.188055][ T9] hub 8-1:0.0: probe with driver hub failed with error -5 [ 82.193243][ T9] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input7 [ 82.387896][ T7131] ieee802154 phy0 wpan0: encryption failed: -22 [ 82.621494][ T10] usb 8-1: USB disconnect, device number 4 [ 83.048437][ T40] kauditd_printk_skb: 38 callbacks suppressed [ 83.048451][ T40] audit: type=1326 audit(1757553938.443:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7126 comm="syz.4.293" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cc898eba9 code=0x7ffc0000 [ 83.069593][ T40] audit: type=1326 audit(1757553938.443:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7126 comm="syz.4.293" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cc898eba9 code=0x7ffc0000 [ 83.400957][ T7149] erofs (device nbd2): cannot find valid erofs superblock [ 84.223780][ T7150] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 84.276310][ T7167] kvm: emulating exchange as write [ 84.382038][ T3333] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 84.543972][ T3333] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 84.547527][ T3333] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 84.550814][ T3333] usb 8-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 84.553741][ T3333] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.570336][ T3333] usb 8-1: config 0 descriptor?? [ 84.997024][ T3333] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 85.006766][ T3333] cp2112 0003:10C4:EA90.0006: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 85.045882][ T7175] sp0: Synchronizing with TNC [ 85.049536][ T7174] [U] è [ 85.197355][ T3333] cp2112 0003:10C4:EA90.0006: Part Number: 0x82 Device Version: 0xFE [ 85.241902][ T7186] netlink: 76 bytes leftover after parsing attributes in process `syz.2.311'. [ 85.362811][ T40] audit: type=1400 audit(1757553940.763:462): avc: denied { connect } for pid=7187 comm="syz.2.312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 85.472755][ T6052] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 85.606550][ T40] audit: type=1400 audit(1757553941.003:463): avc: denied { bind } for pid=7187 comm="syz.2.312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 85.619461][ T40] audit: type=1400 audit(1757553941.003:464): avc: denied { write } for pid=7187 comm="syz.2.312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 85.632139][ T6052] usb 9-1: Using ep0 maxpacket: 8 [ 85.635667][ T40] audit: type=1400 audit(1757553941.003:465): avc: denied { read } for pid=7187 comm="syz.2.312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 85.638789][ T6052] usb 9-1: config 179 has an invalid interface number: 65 but max is 0 [ 85.654820][ T6052] usb 9-1: config 179 has no interface number 0 [ 85.659670][ T6052] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 85.666647][ T6052] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 85.671272][ T6052] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 85.675991][ T6052] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 85.685635][ T6052] usb 9-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 85.692736][ T6052] usb 9-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 85.697291][ T6052] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.705483][ T7184] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 85.841712][ T5974] Bluetooth: hci0: command 0x0c1a tx timeout [ 85.929089][ T6052] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:179.65/input/input8 [ 86.010721][ T6052] usb 8-1: USB disconnect, device number 5 [ 86.120830][ T6994] usb 9-1: USB disconnect, device number 5 [ 86.120900][ C0] xpad 9-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 86.126527][ C0] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 86.321827][ T40] audit: type=1400 audit(1757553941.723:466): avc: denied { map } for pid=7195 comm="syz.2.314" path="/dev/comedi4" dev="devtmpfs" ino=1306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 86.329495][ T40] audit: type=1400 audit(1757553941.723:467): avc: denied { execute } for pid=7195 comm="syz.2.314" path="/dev/comedi4" dev="devtmpfs" ino=1306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 87.029963][ T40] audit: type=1400 audit(1757553942.413:468): avc: denied { block_suspend } for pid=7208 comm="syz.4.319" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 87.202677][ T40] audit: type=1400 audit(1757553942.603:469): avc: denied { name_bind } for pid=7206 comm="syz.1.318" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 88.302684][ T7231] netlink: 128 bytes leftover after parsing attributes in process `syz.4.323'. [ 88.642895][ T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 88.721310][ T63] Bluetooth: hci3: command 0x0406 tx timeout [ 88.952268][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.966689][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.971031][ T10] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 88.975076][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.989231][ T10] usb 7-1: config 0 descriptor?? [ 89.412310][ T40] audit: type=1400 audit(1757553944.813:470): avc: denied { write } for pid=7251 comm="syz.4.330" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 89.583056][ T10] cp2112 0003:10C4:EA90.0007: unknown main item tag 0x0 [ 89.588747][ T10] cp2112 0003:10C4:EA90.0007: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 89.654104][ T10] cp2112 0003:10C4:EA90.0007: Part Number: 0x82 Device Version: 0xFE [ 89.671605][ T6035] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 89.744560][ T40] audit: type=1400 audit(1757553945.143:471): avc: denied { ioctl } for pid=7261 comm="syz.3.331" path="socket:[16113]" dev="sockfs" ino=16113 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 90.281462][ T6035] usb 9-1: Using ep0 maxpacket: 16 [ 90.301380][ T7269] 8021q: adding VLAN 0 to HW filter on device bond2 [ 90.472168][ T6994] usb 7-1: USB disconnect, device number 4 [ 90.479744][ T6035] usb 9-1: config 0 has no interfaces? [ 90.483461][ T6035] usb 9-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 90.486714][ T6035] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.489231][ T6035] usb 9-1: Product: syz [ 90.490625][ T6035] usb 9-1: Manufacturer: syz [ 90.492736][ T6035] usb 9-1: SerialNumber: syz [ 90.503961][ T6035] usb 9-1: config 0 descriptor?? [ 90.712389][ T7253] tipc: Started in network mode [ 90.713986][ T7253] tipc: Node identity 7f000001, cluster identity 4711 [ 90.716231][ T7253] tipc: New replicast peer: 0.0.0.0 [ 90.718210][ T7253] tipc: Enabled bearer , priority 10 [ 90.761316][ T6033] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 90.911343][ T6033] usb 8-1: Using ep0 maxpacket: 8 [ 90.915477][ T6033] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 90.918841][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 90.922582][ T6033] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 90.926405][ T6033] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 90.929904][ T6033] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 90.934365][ T6033] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 90.937467][ T6033] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.097656][ T7279] netlink: 76 bytes leftover after parsing attributes in process `syz.1.335'. [ 91.150785][ T6033] usb 8-1: GET_CAPABILITIES returned 0 [ 91.153812][ T6033] usbtmc 8-1:16.0: can't read capabilities [ 91.356725][ T6033] usb 8-1: USB disconnect, device number 6 [ 91.361839][ T40] audit: type=1400 audit(1757553946.753:472): avc: denied { mount } for pid=7298 comm="syz.1.342" name="/" dev="autofs" ino=14111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 91.563000][ T40] audit: type=1400 audit(1757553946.963:473): avc: denied { unmount } for pid=5967 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 91.831358][ T6033] tipc: Node number set to 2130706433 [ 92.031044][ T7308] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 92.294602][ T6033] usb 9-1: USB disconnect, device number 6 [ 92.674045][ T40] audit: type=1400 audit(1757553948.073:474): avc: denied { write } for pid=7329 comm="syz.1.353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 93.099933][ T7351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.359'. [ 93.716336][ T7379] netlink: 8 bytes leftover after parsing attributes in process `syz.4.371'. [ 93.869653][ T6033] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 93.882425][ T40] audit: type=1400 audit(1757553949.253:475): avc: denied { read write } for pid=7386 comm="syz.4.375" name="uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 93.890853][ T6033] hid-generic 0000:0000:0000.0008: hidraw1: HID v0.00 Device [syz1] on syz0 [ 93.898476][ T40] audit: type=1400 audit(1757553949.253:476): avc: denied { open } for pid=7386 comm="syz.4.375" path="/dev/uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 94.058272][ T7387] netlink: 16 bytes leftover after parsing attributes in process `syz.4.375'. [ 94.259814][ T40] audit: type=1400 audit(1757553949.653:477): avc: denied { module_request } for pid=7400 comm="syz.1.379" kmod="bt-proto-5" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 94.412284][ T40] audit: type=1400 audit(1757553949.813:478): avc: denied { create } for pid=7400 comm="syz.1.379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 94.514979][ T7411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.381'. [ 94.588323][ T7407] sp0: Synchronizing with TNC [ 94.672290][ T6994] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 94.753734][ T5974] Bluetooth: hci0: unexpected event for opcode 0x2029 [ 94.821327][ T6994] usb 7-1: Using ep0 maxpacket: 8 [ 94.825359][ T6994] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 94.829504][ T6994] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 94.833735][ T6994] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 1024 [ 94.838388][ T6994] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 94.842718][ T6994] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 94.848124][ T6994] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 94.852006][ T6994] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.053137][ T7396] [U] è [ 95.062221][ T6994] usb 7-1: GET_CAPABILITIES returned 0 [ 95.063990][ T6994] usbtmc 7-1:16.0: can't read capabilities [ 95.133638][ T7423] comedi comedi3: fl512: I/O port conflict (0xfffffffffffffff4,16) [ 95.191927][ T7429] netlink: 12 bytes leftover after parsing attributes in process `syz.4.389'. [ 95.195568][ T7429] netlink: 12 bytes leftover after parsing attributes in process `syz.4.389'. [ 95.226475][ T7431] netlink: 8 bytes leftover after parsing attributes in process `syz.4.390'. [ 95.264640][ T7408] usb 7-1: usbtmc_ioctl_clear_out_halt returned -32 [ 95.267327][ T9] usb 7-1: USB disconnect, device number 5 [ 95.295625][ T7436] netlink: 120 bytes leftover after parsing attributes in process `syz.1.392'. [ 95.296287][ T40] audit: type=1400 audit(1757553950.693:479): avc: denied { bind } for pid=7435 comm="syz.1.392" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 95.397064][ T7441] ubi: mtd0 is already attached to ubi31 [ 96.204438][ T7458] netlink: 8 bytes leftover after parsing attributes in process `syz.4.399'. [ 96.240805][ T7462] netlink: 'syz.1.401': attribute type 33 has an invalid length. [ 96.246343][ T7462] netlink: 152 bytes leftover after parsing attributes in process `syz.1.401'. [ 96.588405][ T40] audit: type=1400 audit(1757553951.983:480): avc: denied { write } for pid=7468 comm="syz.3.404" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 96.632743][ T40] audit: type=1400 audit(1757553952.033:481): avc: denied { name_bind } for pid=7468 comm="syz.3.404" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 97.026617][ T7483] SELinux: Context system_u:object_r: is not valid (left unmapped). [ 97.030475][ T40] audit: type=1400 audit(1757553952.423:482): avc: denied { relabelto } for pid=7480 comm="syz.1.408" name="file0" dev="tmpfs" ino=526 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:" [ 97.043606][ T40] audit: type=1400 audit(1757553952.423:483): avc: denied { associate } for pid=7480 comm="syz.1.408" name="file0" dev="tmpfs" ino=526 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:" [ 97.133539][ T40] audit: type=1400 audit(1757553952.533:484): avc: denied { unmount } for pid=6349 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 97.368851][ T40] audit: type=1400 audit(1757553952.763:485): avc: denied { execmem } for pid=7486 comm="syz.4.410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 97.401143][ T7487] infiniband syz1: set active [ 97.402889][ T7487] infiniband syz1: added syz_tun [ 97.425029][ T7487] RDS/IB: syz1: added [ 97.426565][ T7487] smc: adding ib device syz1 with port count 1 [ 97.428435][ T7487] smc: ib device syz1 port 1 has pnetid [ 97.711609][ T40] audit: type=1400 audit(1757553953.113:486): avc: denied { unlink } for pid=5967 comm="syz-executor" name="file0" dev="tmpfs" ino=526 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:" [ 97.989039][ T7507] netlink: 20 bytes leftover after parsing attributes in process `syz.1.414'. [ 98.151444][ T40] audit: type=1400 audit(1757553953.523:487): avc: denied { accept } for pid=7503 comm="syz.4.417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 98.532420][ T40] audit: type=1400 audit(1757553953.933:488): avc: denied { create } for pid=7505 comm="syz.2.416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 98.782414][ T7521] netlink: 12 bytes leftover after parsing attributes in process `syz.1.419'. [ 98.803367][ T5974] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 98.806151][ T5974] Bluetooth: hci0: Injecting HCI hardware error event [ 98.809020][ T63] Bluetooth: hci0: hardware error 0x00 [ 99.211713][ T9] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 99.361514][ T9] usb 9-1: Using ep0 maxpacket: 8 [ 99.367059][ T9] usb 9-1: config 0 has an invalid interface number: 246 but max is 0 [ 99.369886][ T9] usb 9-1: config 0 has no interface number 0 [ 99.375726][ T9] usb 9-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 99.378778][ T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.381570][ T9] usb 9-1: Product: syz [ 99.382975][ T9] usb 9-1: Manufacturer: syz [ 99.384489][ T9] usb 9-1: SerialNumber: syz [ 99.388914][ T9] usb 9-1: config 0 descriptor?? [ 99.427051][ T9] msi2500 9-1:0.246: Registered as swradio24 [ 99.429189][ T9] msi2500 9-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 99.596921][ T53] usb 9-1: USB disconnect, device number 7 [ 99.764966][ T7553] netlink: 8 bytes leftover after parsing attributes in process `syz.3.431'. [ 100.031545][ T6877] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 100.264702][ T6877] usb 6-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 100.268008][ T6877] usb 6-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 100.270847][ T6877] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.289447][ T6877] aiptek 6-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 100.435105][ T7569] netlink: 32 bytes leftover after parsing attributes in process `syz.4.438'. [ 100.518898][ T7555] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 100.521614][ T7555] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 100.525671][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 100.525679][ T40] audit: type=1400 audit(1757553955.923:490): avc: denied { write } for pid=7572 comm="syz.3.440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 100.528172][ T7555] vhci_hcd vhci_hcd.0: Device attached [ 100.534385][ T40] audit: type=1400 audit(1757553955.923:491): avc: denied { nlmsg_write } for pid=7572 comm="syz.3.440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 100.544968][ T7555] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(8) [ 100.547543][ T7555] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 100.550559][ T7555] vhci_hcd vhci_hcd.0: Device attached [ 100.555197][ T7555] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(10) [ 100.557304][ T7555] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 100.559793][ T7555] vhci_hcd vhci_hcd.0: Device attached [ 100.563519][ T7582] vhci_hcd: connection closed [ 100.564059][ T7580] vhci_hcd: connection closed [ 100.564174][ T7578] vhci_hcd: connection closed [ 100.566344][ T6035] usb 6-1: USB disconnect, device number 5 [ 100.568306][ T46] vhci_hcd: stop threads [ 100.574458][ T46] vhci_hcd: release socket [ 100.575893][ T46] vhci_hcd: disconnect device [ 100.578139][ T46] vhci_hcd: stop threads [ 100.579729][ T46] vhci_hcd: release socket [ 100.581156][ T46] vhci_hcd: disconnect device [ 100.582980][ T46] vhci_hcd: stop threads [ 100.584315][ T46] vhci_hcd: release socket [ 100.585739][ T46] vhci_hcd: disconnect device [ 100.691442][ T6877] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 100.841610][ T6877] usb 9-1: Using ep0 maxpacket: 8 [ 100.854339][ T6877] usb 9-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 100.859307][ T6877] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.865664][ T6877] usb 9-1: Product: syz [ 100.869155][ T6877] usb 9-1: Manufacturer: syz [ 100.872295][ T6877] usb 9-1: SerialNumber: syz [ 100.875149][ T6877] usb 9-1: config 0 descriptor?? [ 100.882577][ T63] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 100.940424][ T7587] capability: warning: `syz.2.442' uses 32-bit capabilities (legacy support in use) [ 101.095778][ T6877] usb 9-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 101.885944][ T40] audit: type=1400 audit(1757553957.283:492): avc: denied { map } for pid=7596 comm="syz.2.446" path="socket:[16568]" dev="sockfs" ino=16568 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 101.893529][ T40] audit: type=1400 audit(1757553957.283:493): avc: denied { read accept } for pid=7596 comm="syz.2.446" path="socket:[16568]" dev="sockfs" ino=16568 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 102.142376][ T7612] netlink: 8 bytes leftover after parsing attributes in process `syz.1.450'. [ 102.239981][ T7617] netlink: 12 bytes leftover after parsing attributes in process `syz.1.452'. [ 102.501884][ T40] audit: type=1400 audit(1757553957.903:494): avc: denied { getopt } for pid=7621 comm="syz.3.454" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 102.901526][ T6877] usb write operation failed. (-71) [ 102.907809][ T6877] usb 9-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 102.911841][ T6877] dvbdev: DVB: registering new adapter (Terratec H7) [ 102.912337][ T60] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 102.913969][ T6877] usb 9-1: media controller created [ 102.918772][ T6877] usb read operation failed. (-71) [ 102.920763][ T6877] usb write operation failed. (-71) [ 102.924421][ T6877] dvb_usb_az6007 9-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 102.928207][ T6877] usb 9-1: USB disconnect, device number 8 [ 103.061470][ T60] usb 7-1: Using ep0 maxpacket: 16 [ 103.072769][ T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.076177][ T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.079520][ T60] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 103.085060][ T60] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 103.087844][ T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.096235][ T60] usb 7-1: config 0 descriptor?? [ 103.505657][ T60] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0 [ 103.508546][ T60] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0 [ 103.510814][ T60] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0 [ 103.519668][ T60] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0 [ 103.522332][ T60] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0 [ 103.527738][ T60] HID 045e:07da: Invalid code 65791 type 1 [ 103.529699][ T60] HID 045e:07da: Invalid code 65791 type 1 [ 103.531859][ T60] HID 045e:07da: Invalid code 65791 type 1 [ 103.534714][ T60] HID 045e:07da: Invalid code 65791 type 1 [ 103.536730][ T60] HID 045e:07da: Invalid code 65791 type 1 [ 103.538699][ T60] HID 045e:07da: Invalid code 65791 type 1 [ 103.540658][ T60] HID 045e:07da: Invalid code 65791 type 1 [ 103.542790][ T60] HID 045e:07da: Invalid code 65791 type 1 [ 103.544837][ T60] HID 045e:07da: Invalid code 65791 type 1 [ 103.547405][ T60] HID 045e:07da: Invalid code 65791 type 1 [ 103.553270][ T60] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:045E:07DA.0009/input/input11 [ 103.564851][ T60] microsoft 0003:045E:07DA.0009: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 103.621094][ T7636] netlink: 277 bytes leftover after parsing attributes in process `syz.1.458'. [ 103.704661][ T60] usb 7-1: USB disconnect, device number 6 [ 103.954569][ T7649] block nbd3: Attempted send on invalid socket [ 103.957370][ T7649] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.962177][ T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 103.962660][ T7649] block nbd3: Attempted send on invalid socket [ 103.967766][ T7649] I/O error, dev nbd3, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 103.973349][ T7649] Mount JFS Failure: -5 [ 104.026591][ T40] audit: type=1400 audit(1757553959.423:495): avc: denied { setopt } for pid=7648 comm="syz.3.463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 104.151785][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 104.173691][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.189721][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.206892][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 104.221471][ T10] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 104.225373][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.242767][ T10] usb 6-1: config 0 descriptor?? [ 104.333466][ T40] audit: type=1400 audit(1757553959.723:496): avc: denied { bind } for pid=7655 comm="syz.2.467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 104.565424][ T7660] nfs: Unknown parameter '' [ 104.858629][ T7643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.863777][ T7643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.867553][ T7643] netlink: 'syz.1.460': attribute type 2 has an invalid length. [ 104.870447][ T7643] netlink: 244 bytes leftover after parsing attributes in process `syz.1.460'. [ 105.161502][ T10] shield 0003:0955:7214.000A: unknown main item tag 0x0 [ 105.163638][ T10] shield 0003:0955:7214.000A: unknown main item tag 0x0 [ 105.165748][ T10] shield 0003:0955:7214.000A: unknown main item tag 0x0 [ 105.167842][ T10] shield 0003:0955:7214.000A: unknown main item tag 0x0 [ 105.169955][ T10] shield 0003:0955:7214.000A: unknown main item tag 0x0 [ 105.173683][ T10] input: HID 0955:7214 Haptics as /devices/virtual/input/input12 [ 105.192012][ T10] shield 0003:0955:7214.000A: Registered Thunderstrike controller [ 105.195718][ T10] shield 0003:0955:7214.000A: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 105.253776][ T9] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 105.258693][ T9] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 105.271887][ T7665] netlink: 8 bytes leftover after parsing attributes in process `syz.2.469'. [ 105.279589][ T9] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 105.321264][ T10] usb 6-1: USB disconnect, device number 6 [ 105.338895][ T9] shield 0003:0955:7214.000A: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 105.702450][ T7677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.472'. [ 105.707861][ T7677] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 105.707861][ T7677] program syz.1.472 not setting count and/or reply_len properly [ 106.797781][ T7697] netlink: 12 bytes leftover after parsing attributes in process `syz.3.478'. [ 106.846991][ T7698] lo speed is unknown, defaulting to 1000 [ 106.849144][ T7698] lo speed is unknown, defaulting to 1000 [ 106.855526][ T7698] lo speed is unknown, defaulting to 1000 [ 106.866951][ T7698] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 106.887131][ T7698] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 106.901349][ T10] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 106.995338][ T7698] lo speed is unknown, defaulting to 1000 [ 106.997984][ T7698] lo speed is unknown, defaulting to 1000 [ 107.000462][ T7698] lo speed is unknown, defaulting to 1000 [ 107.003026][ T7698] lo speed is unknown, defaulting to 1000 [ 107.008745][ T40] audit: type=1400 audit(1757553962.403:497): avc: denied { getopt } for pid=7690 comm="syz.1.477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 107.111278][ T10] usb 9-1: Using ep0 maxpacket: 8 [ 107.127447][ T7703] netlink: 8 bytes leftover after parsing attributes in process `syz.2.479'. [ 107.140595][ T10] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 107.144149][ T10] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 107.147240][ T10] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 107.150376][ T10] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 107.154666][ T10] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 107.157479][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.369824][ T10] usb 9-1: GET_CAPABILITIES returned 0 [ 107.371882][ T10] usbtmc 9-1:16.0: can't read capabilities [ 107.577002][ C3] usbtmc 9-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 107.580038][ C3] usbtmc 9-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 107.584587][ T6035] usb 9-1: USB disconnect, device number 9 [ 107.721997][ T40] audit: type=1400 audit(1757553963.123:498): avc: denied { write } for pid=7714 comm="syz.3.484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 107.722403][ T46] tipc: Subscription rejected, illegal request [ 107.729254][ T40] audit: type=1400 audit(1757553963.123:499): avc: denied { read } for pid=7714 comm="syz.3.484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 107.928334][ T40] audit: type=1400 audit(1757553963.323:500): avc: denied { setopt } for pid=7717 comm="syz.3.485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 108.177294][ T7724] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.486'. [ 108.318804][ T1260] smc: removing ib device syz1 [ 108.328597][ T9] syz1: Port: 1 Link DOWN [ 109.413356][ T40] audit: type=1400 audit(1757553964.803:501): avc: denied { read write } for pid=7748 comm="syz.2.496" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 109.420813][ T40] audit: type=1400 audit(1757553964.813:502): avc: denied { open } for pid=7748 comm="syz.2.496" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 110.201425][ T1025] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 110.220423][ T7766] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 110.261068][ T7768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.503'. [ 110.383020][ T1025] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.386517][ T1025] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.391115][ T1025] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 110.394134][ T1025] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.399265][ T1025] usb 6-1: config 0 descriptor?? [ 110.529166][ T40] audit: type=1400 audit(1757553965.923:503): avc: denied { bind } for pid=7777 comm="syz.2.508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 110.555648][ T40] audit: type=1400 audit(1757553965.953:504): avc: denied { write } for pid=7777 comm="syz.2.508" path="socket:[16704]" dev="sockfs" ino=16704 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 110.942772][ T40] audit: type=1400 audit(1757553966.233:505): avc: denied { append } for pid=7788 comm="syz.3.511" name="001" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 110.946936][ T7791] netlink: 8 bytes leftover after parsing attributes in process `syz.3.511'. [ 110.949771][ T40] audit: type=1400 audit(1757553966.243:506): avc: denied { connect } for pid=7788 comm="syz.3.511" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 110.978665][ T1025] cp2112 0003:10C4:EA90.000B: item fetching failed at offset 5/7 [ 110.983676][ T1025] cp2112 0003:10C4:EA90.000B: parse failed [ 110.986255][ T1025] cp2112 0003:10C4:EA90.000B: probe with driver cp2112 failed with error -22 [ 111.501869][ T7793] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input13 [ 112.336359][ T7815] block nbd3: Attempted send on invalid socket [ 112.340393][ T7815] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3 [ 112.350183][ T7815] block nbd3: Attempted send on invalid socket [ 112.356973][ T7815] I/O error, dev nbd3, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3 [ 112.361638][ T7815] Mount JFS Failure: -5 [ 112.697939][ T7824] netlink: 8 bytes leftover after parsing attributes in process `syz.4.521'. [ 112.700833][ T7824] netlink: 24 bytes leftover after parsing attributes in process `syz.4.521'. [ 112.706234][ T7824] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.709215][ T7824] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.712224][ T7824] bridge0: entered allmulticast mode [ 112.717490][ T7824] netlink: 20 bytes leftover after parsing attributes in process `syz.4.521'. [ 112.722083][ T7824] bridge_slave_1: left allmulticast mode [ 112.724466][ T7824] bridge_slave_1: left promiscuous mode [ 112.726935][ T7824] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.736110][ T7824] bridge_slave_0: left allmulticast mode [ 112.738033][ T7824] bridge_slave_0: left promiscuous mode [ 112.740347][ T7824] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.989175][ T6035] usb 6-1: USB disconnect, device number 7 [ 113.012349][ T7832] netlink: 8 bytes leftover after parsing attributes in process `syz.1.524'. [ 113.053722][ T63] Bluetooth: hci3: unexpected event for opcode 0x0000 [ 113.905671][ T7859] netlink: 8 bytes leftover after parsing attributes in process `syz.1.533'. [ 113.933441][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 113.933451][ T40] audit: type=1400 audit(1757553969.333:512): avc: denied { listen } for pid=7860 comm="syz.1.534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 113.953627][ T40] audit: type=1400 audit(1757553969.333:513): avc: denied { accept } for pid=7860 comm="syz.1.534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 114.809311][ T7885] netlink: 8 bytes leftover after parsing attributes in process `syz.1.543'. [ 115.484847][ T40] audit: type=1400 audit(1757553970.873:514): avc: denied { set_context_mgr } for pid=7903 comm="syz.2.550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 115.494521][ T40] audit: type=1400 audit(1757553970.893:515): avc: denied { map } for pid=7903 comm="syz.2.550" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 115.502668][ T40] audit: type=1400 audit(1757553970.893:516): avc: denied { call } for pid=7903 comm="syz.2.550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 115.751478][ T6877] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 115.824001][ T7910] netlink: 8 bytes leftover after parsing attributes in process `syz.1.552'. [ 115.912128][ T6877] usb 9-1: Using ep0 maxpacket: 8 [ 115.915253][ T6877] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 115.918372][ T6877] usb 9-1: config 0 has no interfaces? [ 115.920021][ T6877] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 115.923440][ T6877] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.927106][ T6877] usb 9-1: config 0 descriptor?? [ 116.144574][ T7923] netlink: 4 bytes leftover after parsing attributes in process `syz.3.556'. [ 116.150719][ T7923] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 116.150719][ T7923] program syz.3.556 not setting count and/or reply_len properly [ 116.954340][ T7944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.564'. [ 117.122056][ T63] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 117.125634][ T63] Bluetooth: hci3: Injecting HCI hardware error event [ 117.129614][ T63] Bluetooth: hci3: hardware error 0x00 [ 118.284336][ T6035] usb 9-1: USB disconnect, device number 10 [ 118.321438][ T5974] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 118.325874][ T5974] Bluetooth: hci2: Injecting HCI hardware error event [ 118.330047][ T5332] Bluetooth: hci2: hardware error 0x00 [ 118.336793][ T7971] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 118.630322][ T7989] netlink: 8 bytes leftover after parsing attributes in process `syz.2.580'. [ 118.850330][ T7997] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 119.261504][ T63] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 119.707200][ T40] audit: type=1400 audit(1757553975.103:517): avc: denied { getopt } for pid=8017 comm="syz.4.590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 120.411538][ T5332] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 120.893591][ T5332] Bluetooth: hci0: command tx timeout [ 121.042596][ T8042] [U] ^C [ 121.324240][ T40] audit: type=1400 audit(1757553976.723:518): avc: denied { read } for pid=8073 comm="syz.1.605" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 121.334468][ T40] audit: type=1400 audit(1757553976.723:519): avc: denied { open } for pid=8073 comm="syz.1.605" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 122.269373][ T8074] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 122.273569][ T8074] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 122.305871][ T8074] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 122.989727][ T40] audit: type=1400 audit(1757553978.383:520): avc: denied { write } for pid=8111 comm="syz.4.618" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 123.018926][ T40] audit: type=1800 audit(1757553978.413:521): pid=8113 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.618" name="/" dev="9p" ino=2 res=0 errno=0 [ 123.441305][ T5332] Bluetooth: hci1: command 0x0c1a tx timeout [ 123.631388][ T6053] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 123.791351][ T6053] usb 6-1: Using ep0 maxpacket: 16 [ 123.795676][ T6053] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 123.799805][ T6053] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 123.804829][ T6053] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 123.808832][ T6053] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 123.817155][ T6053] usb 6-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 123.820878][ T6053] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.824685][ T6053] usb 6-1: Product: syz [ 123.826719][ T6053] usb 6-1: Manufacturer: syz [ 123.828891][ T6053] usb 6-1: SerialNumber: syz [ 123.833541][ T6053] usb 6-1: config 0 descriptor?? [ 123.838644][ T6053] xbox_remote_probe: Unexpected endpoint_in [ 124.042028][ T6877] usb 6-1: USB disconnect, device number 8 [ 124.664110][ T40] audit: type=1400 audit(1757553980.063:522): avc: denied { create } for pid=8144 comm="syz.2.631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 124.672483][ T40] audit: type=1400 audit(1757553980.073:523): avc: denied { write } for pid=8144 comm="syz.2.631" path="socket:[17342]" dev="sockfs" ino=17342 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 124.697717][ T8149] befs: (nbd1): No write support. Marking filesystem read-only [ 124.703432][ T8149] block nbd1: Attempted send on invalid socket [ 124.705840][ T8149] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 124.710445][ T8149] befs: (nbd1): unable to read superblock [ 124.716812][ T40] audit: type=1400 audit(1757553980.113:524): avc: denied { read } for pid=8145 comm="syz.1.630" path="socket:[18154]" dev="sockfs" ino=18154 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 124.813108][ T40] audit: type=1400 audit(1757553980.213:525): avc: denied { module_load } for pid=8145 comm="syz.1.630" path="/sys/power/wakeup_count" dev="sysfs" ino=866 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 124.931475][ T8152] fuse: Bad value for 'fd' [ 125.554870][ T5332] Bluetooth: hci1: command 0x0c1a tx timeout [ 125.724982][ T40] audit: type=1800 audit(1757553981.123:526): pid=8168 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.636" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 126.674797][ T8172] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 127.181567][ T6052] usb 8-1: new full-speed USB device number 7 using dummy_hcd [ 127.334149][ T6052] usb 8-1: unable to get BOS descriptor or descriptor too short [ 127.337898][ T6052] usb 8-1: not running at top speed; connect to a high speed hub [ 127.342352][ T6052] usb 8-1: config 8 has an invalid interface number: 24 but max is 0 [ 127.345713][ T6052] usb 8-1: config 8 has no interface number 0 [ 127.348353][ T6052] usb 8-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid maxpacket 1535, setting to 64 [ 127.354890][ T6052] usb 8-1: config 8 interface 24 altsetting 2 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 127.359374][ T6052] usb 8-1: config 8 interface 24 altsetting 2 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 127.364768][ T6052] usb 8-1: config 8 interface 24 altsetting 2 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 127.369504][ T6052] usb 8-1: config 8 interface 24 has no altsetting 0 [ 127.374023][ T6052] usb 8-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 127.377800][ T6052] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.381027][ T6052] usb 8-1: Product: syz [ 127.477731][ T8230] new mount options do not match the existing superblock, will be ignored [ 127.826789][ T8238] netlink: 28 bytes leftover after parsing attributes in process `syz.1.653'. [ 127.829589][ T8238] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 127.931607][ T5332] Bluetooth: hci1: command 0x0c1a tx timeout [ 127.933582][ T6052] usb 8-1: Manufacturer: syz [ 127.935018][ T6052] usb 8-1: SerialNumber: syz [ 127.948417][ T8211] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 127.951205][ T8211] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 128.414988][ T6052] comedi comedi5: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'. [ 128.426870][ T6052] usb 8-1: USB disconnect, device number 7 [ 129.329950][ T8268] binder_alloc: 8266: pid 8266 spamming oneway? 1 buffers allocated for a total size of 4096 [ 129.881698][ T8278] netlink: 28 bytes leftover after parsing attributes in process `syz.1.665'. [ 130.562392][ T40] audit: type=1400 audit(1757553985.963:527): avc: denied { listen } for pid=8303 comm="syz.4.674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 132.318346][ T8340] netlink: 4 bytes leftover after parsing attributes in process `syz.4.685'. [ 132.572208][ T40] audit: type=1400 audit(1757553987.963:528): avc: denied { mounton } for pid=8344 comm="syz.3.687" path="/syzcgroup/net/syz3/devices.allow" dev="cgroup" ino=220 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1 [ 132.611457][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 147.575001][ T40] audit: type=1400 audit(1757554002.973:529): avc: denied { execute } for pid=8367 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 147.583820][ T40] audit: type=1400 audit(1757554002.973:530): avc: denied { execute_no_trans } for pid=8367 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 147.617583][ T1423] ================================================================== [ 147.620104][ T1423] BUG: KASAN: slab-use-after-free in handle_tx+0x5a5/0x630 [ 147.622405][ T1423] Read of size 8 at addr ffff8880220c8020 by task aoe_tx0/1423 [ 147.625859][ T1423] [ 147.626916][ T1423] CPU: 1 UID: 0 PID: 1423 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) [ 147.626929][ T1423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 147.626936][ T1423] Call Trace: [ 147.626940][ T1423] [ 147.626944][ T1423] dump_stack_lvl+0x116/0x1f0 [ 147.626966][ T1423] print_report+0xcd/0x630 [ 147.626979][ T1423] ? __virt_addr_valid+0x81/0x610 [ 147.626993][ T1423] ? __phys_addr+0xe8/0x180 [ 147.627006][ T1423] ? handle_tx+0x5a5/0x630 [ 147.627018][ T1423] kasan_report+0xe0/0x110 [ 147.627029][ T1423] ? handle_tx+0x5a5/0x630 [ 147.627040][ T1423] handle_tx+0x5a5/0x630 [ 147.627050][ T1423] dev_hard_start_xmit+0x94/0x740 [ 147.627063][ T1423] __dev_queue_xmit+0xa46/0x4490 [ 147.627075][ T1423] ? rcu_is_watching+0x12/0xc0 [ 147.627088][ T1423] ? __pfx___dev_queue_xmit+0x10/0x10 [ 147.627098][ T1423] ? __schedule+0x11a3/0x5de0 [ 147.627115][ T1423] ? __lock_acquire+0xb97/0x1ce0 [ 147.627134][ T1423] ? do_raw_spin_lock+0x12c/0x2b0 [ 147.627145][ T1423] ? find_held_lock+0x2b/0x80 [ 147.627158][ T1423] ? skb_dequeue+0x126/0x180 [ 147.627173][ T1423] ? find_held_lock+0x2b/0x80 [ 147.627186][ T1423] ? rcu_is_watching+0x12/0xc0 [ 147.627199][ T1423] tx+0xcc/0x190 [ 147.627210][ T1423] ? __pfx_tx+0x10/0x10 [ 147.627221][ T1423] kthread+0x1e4/0x3e0 [ 147.627231][ T1423] ? find_held_lock+0x2b/0x80 [ 147.627243][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.627253][ T1423] ? __pfx_default_wake_function+0x10/0x10 [ 147.627266][ T1423] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.627279][ T1423] ? __kthread_parkme+0x19e/0x250 [ 147.627295][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.627305][ T1423] kthread+0x3c2/0x780 [ 147.627314][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.627324][ T1423] ? rcu_is_watching+0x12/0xc0 [ 147.627336][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.627346][ T1423] ret_from_fork+0x5d4/0x6f0 [ 147.627356][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.627365][ T1423] ret_from_fork_asm+0x1a/0x30 [ 147.627381][ T1423] [ 147.627384][ T1423] [ 147.688577][ T1423] Allocated by task 8091: [ 147.689957][ T1423] kasan_save_stack+0x33/0x60 [ 147.691449][ T1423] kasan_save_track+0x14/0x30 [ 147.692943][ T1423] __kasan_kmalloc+0xaa/0xb0 [ 147.694409][ T1423] alloc_tty_struct+0x96/0x8c0 [ 147.695922][ T1423] tty_init_dev.part.0+0x1e/0x500 [ 147.697516][ T1423] tty_open+0xa50/0xf90 [ 147.698833][ T1423] chrdev_open+0x231/0x6a0 [ 147.700247][ T1423] do_dentry_open+0x982/0x1530 [ 147.701761][ T1423] vfs_open+0x82/0x3f0 [ 147.703079][ T1423] path_openat+0x1de4/0x2cb0 [ 147.704539][ T1423] do_filp_open+0x20b/0x470 [ 147.705982][ T1423] do_sys_openat2+0x11b/0x1d0 [ 147.707468][ T1423] __x64_sys_openat+0x174/0x210 [ 147.709030][ T1423] do_syscall_64+0xcd/0x4c0 [ 147.710466][ T1423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.712321][ T1423] [ 147.713101][ T1423] Freed by task 6877: [ 147.714363][ T1423] kasan_save_stack+0x33/0x60 [ 147.715847][ T1423] kasan_save_track+0x14/0x30 [ 147.717342][ T1423] kasan_save_free_info+0x3b/0x60 [ 147.718929][ T1423] __kasan_slab_free+0x60/0x70 [ 147.720440][ T1423] kfree+0x2b4/0x4d0 [ 147.721691][ T1423] process_one_work+0x9cc/0x1b70 [ 147.723257][ T1423] worker_thread+0x6c8/0xf10 [ 147.724721][ T1423] kthread+0x3c2/0x780 [ 147.726012][ T1423] ret_from_fork+0x5d4/0x6f0 [ 147.727471][ T1423] ret_from_fork_asm+0x1a/0x30 [ 147.728996][ T1423] [ 147.729765][ T1423] Last potentially related work creation: [ 147.731542][ T1423] kasan_save_stack+0x33/0x60 [ 147.733032][ T1423] kasan_record_aux_stack+0xa7/0xc0 [ 147.734668][ T1423] insert_work+0x36/0x230 [ 147.736036][ T1423] __queue_work+0x97e/0x1160 [ 147.737501][ T1423] queue_work_on+0x1a4/0x1f0 [ 147.738958][ T1423] release_tty+0x4de/0x5d0 [ 147.740372][ T1423] tty_release_struct+0xb7/0xe0 [ 147.741941][ T1423] tty_release+0xe2d/0x1430 [ 147.743420][ T1423] __fput+0x3ff/0xb70 [ 147.744696][ T1423] task_work_run+0x150/0x240 [ 147.746155][ T1423] do_exit+0x86f/0x2bf0 [ 147.747473][ T1423] do_group_exit+0xd3/0x2a0 [ 147.748926][ T1423] get_signal+0x2673/0x26d0 [ 147.750367][ T1423] arch_do_signal_or_restart+0x8f/0x7d0 [ 147.752111][ T1423] exit_to_user_mode_loop+0x84/0x110 [ 147.753783][ T1423] do_syscall_64+0x3f6/0x4c0 [ 147.755248][ T1423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.756526][ T63] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 147.757109][ T1423] [ 147.757113][ T1423] The buggy address belongs to the object at ffff8880220c8000 [ 147.757113][ T1423] which belongs to the cache kmalloc-cg-2k of size 2048 [ 147.757123][ T1423] The buggy address is located 32 bytes inside of [ 147.757123][ T1423] freed 2048-byte region [ffff8880220c8000, ffff8880220c8800) [ 147.760902][ T63] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 147.764514][ T1423] [ 147.764519][ T1423] The buggy address belongs to the physical page: [ 147.764524][ T1423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x220c8 [ 147.764535][ T1423] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 147.764542][ T1423] memcg:ffff88802618a001 [ 147.764546][ T1423] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 147.764556][ T1423] page_type: f5(slab) [ 147.764565][ T1423] raw: 00fff00000000040 ffff88801b84c140 0000000000000000 dead000000000001 [ 147.764574][ T1423] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff88802618a001 [ 147.764597][ T1423] head: 00fff00000000040 ffff88801b84c140 0000000000000000 dead000000000001 [ 147.764607][ T1423] head: 0000000000000000 0000000000080008 00000000f5000000 ffff88802618a001 [ 147.764616][ T1423] head: 00fff00000000003 ffffea0000883201 00000000ffffffff 00000000ffffffff [ 147.769792][ T63] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 147.770976][ T1423] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 147.772741][ T63] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 147.773780][ T1423] page dumped because: kasan: bad access detected [ 147.773787][ T1423] page_owner tracks the page as allocated [ 147.776875][ T63] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 147.779117][ T1423] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5887, tgid 5887 (sshd-session), ts 39254445585, free_ts 39131315629 [ 147.816898][ T1423] post_alloc_hook+0x1c0/0x230 [ 147.818423][ T1423] get_page_from_freelist+0x132b/0x38e0 [ 147.820155][ T1423] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 147.822091][ T1423] alloc_pages_mpol+0x1fb/0x550 [ 147.823682][ T1423] new_slab+0x247/0x330 [ 147.825403][ T1423] ___slab_alloc+0xcf2/0x1750 [ 147.827429][ T1423] __slab_alloc.constprop.0+0x56/0xb0 [ 147.829753][ T1423] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 147.832486][ T1423] kmalloc_reserve+0xef/0x2c0 [ 147.834532][ T1423] __alloc_skb+0x166/0x380 [ 147.836453][ T1423] alloc_skb_with_frags+0xe0/0x860 [ 147.838654][ T1423] sock_alloc_send_pskb+0x7fb/0x990 [ 147.840886][ T1423] unix_stream_sendmsg+0x39f/0x1340 [ 147.843124][ T1423] sock_write_iter+0x4fc/0x5b0 [ 147.845088][ T1423] vfs_write+0x7d3/0x11d0 [ 147.846471][ T1423] ksys_write+0x1f8/0x250 [ 147.847841][ T1423] page last free pid 5878 tgid 5878 stack trace: [ 147.849845][ T1423] __free_frozen_pages+0x7d5/0x10f0 [ 147.851490][ T1423] __folio_put+0x329/0x450 [ 147.852926][ T1423] do_exit+0x20dc/0x2bf0 [ 147.854284][ T1423] do_group_exit+0xd3/0x2a0 [ 147.855727][ T1423] __x64_sys_exit_group+0x3e/0x50 [ 147.857328][ T1423] x64_sys_call+0x14fa/0x1720 [ 147.858822][ T1423] do_syscall_64+0xcd/0x4c0 [ 147.860246][ T1423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.862073][ T1423] [ 147.862851][ T1423] Memory state around the buggy address: [ 147.864576][ T1423] ffff8880220c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 147.867061][ T1423] ffff8880220c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 147.869557][ T1423] >ffff8880220c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.872035][ T1423] ^ [ 147.873665][ T1423] ffff8880220c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.876152][ T1423] ffff8880220c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.878641][ T1423] ================================================================== [ 147.881885][ C1] hpet: Lost 15 RTC interrupts [ 147.884210][ T1423] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 147.886444][ T1423] CPU: 1 UID: 0 PID: 1423 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) [ 147.889240][ T1423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 147.892528][ T1423] Call Trace: [ 147.893578][ T1423] [ 147.894515][ T1423] dump_stack_lvl+0x3d/0x1f0 [ 147.895938][ T1423] vpanic+0x6e8/0x7a0 [ 147.897202][ T1423] ? __pfx_vpanic+0x10/0x10 [ 147.898650][ T1423] ? handle_tx+0x5a5/0x630 [ 147.900040][ T1423] panic+0xca/0xd0 [ 147.901222][ T1423] ? __pfx_panic+0x10/0x10 [ 147.902623][ T1423] ? check_panic_on_warn+0x1f/0xb0 [ 147.904215][ T1423] check_panic_on_warn+0xab/0xb0 [ 147.905780][ T1423] end_report+0x107/0x170 [ 147.907150][ T1423] kasan_report+0xee/0x110 [ 147.908564][ T1423] ? handle_tx+0x5a5/0x630 [ 147.909989][ T1423] handle_tx+0x5a5/0x630 [ 147.911334][ T1423] dev_hard_start_xmit+0x94/0x740 [ 147.912925][ T1423] __dev_queue_xmit+0xa46/0x4490 [ 147.914488][ T1423] ? rcu_is_watching+0x12/0xc0 [ 147.915995][ T1423] ? __pfx___dev_queue_xmit+0x10/0x10 [ 147.917677][ T1423] ? __schedule+0x11a3/0x5de0 [ 147.919169][ T1423] ? __lock_acquire+0xb97/0x1ce0 [ 147.920738][ T1423] ? do_raw_spin_lock+0x12c/0x2b0 [ 147.922342][ T1423] ? find_held_lock+0x2b/0x80 [ 147.923825][ T1423] ? skb_dequeue+0x126/0x180 [ 147.925297][ T1423] ? find_held_lock+0x2b/0x80 [ 147.926781][ T1423] ? rcu_is_watching+0x12/0xc0 [ 147.928302][ T1423] tx+0xcc/0x190 [ 147.929452][ T1423] ? __pfx_tx+0x10/0x10 [ 147.930768][ T1423] kthread+0x1e4/0x3e0 [ 147.932062][ T1423] ? find_held_lock+0x2b/0x80 [ 147.933570][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.935028][ T1423] ? __pfx_default_wake_function+0x10/0x10 [ 147.936856][ T1423] ? lockdep_hardirqs_on+0x7c/0x110 [ 147.938490][ T1423] ? __kthread_parkme+0x19e/0x250 [ 147.940079][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.941546][ T1423] kthread+0x3c2/0x780 [ 147.942851][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.944312][ T1423] ? rcu_is_watching+0x12/0xc0 [ 147.945832][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.947289][ T1423] ret_from_fork+0x5d4/0x6f0 [ 147.948775][ T1423] ? __pfx_kthread+0x10/0x10 [ 147.950237][ T1423] ret_from_fork_asm+0x1a/0x30 [ 147.951751][ T1423] [ 147.953452][ T1423] Kernel Offset: disabled [ 147.954818][ T1423] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:26:43 Registers: info registers vcpu 0 CPU#0 RAX=00000000005cf8f5 RBX=0000000000000000 RCX=ffffffff8b946c29 RDX=0000000000000000 RSI=ffffffff8de52618 RDI=ffffffff8c162d00 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08 R8 =0000000000000001 R9 =ffffed100d486655 R10=ffff88806a4332ab R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab6d90 R15=0000000000000000 RIP=ffffffff8b94578f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d66b5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055d0da7f4be0 CR3=00000000340e9000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000001 Opmask01=0000000000000000 Opmask02=0000000006000000 Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff69b8fa4b 00007fff69b8fa4b ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff69b8ff50 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff69b8ff50 0000003000000018 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6b636f735f6b636f 73763d7373616c63 7420745f6d646173 79733a725f6d6400 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6163657355616365 7376377373616663 7420745567646173 7373307255676400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6320373633383d64 69702020726f6620 7d20736e6172745f 6f6e5f6574756365 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 78652d7a79732f22 3d68746170202272 6f7475636578652d 7a7973223d6d6d6f ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 313d657669737369 6d72657020656c69 663d7373616c6374 20745f656d69746e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 75725f6374653a72 5f7463656a626f3a 746f6f723d747865 746e6f637420745f ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6d64617379733a72 5f6d64617379733a 746f6f723d747865 746e6f6373203032 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30323d6f6e692022 31616473223d7665 642022726f747563 6578652d7a79732f ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff85647d30 RDI=ffffffff9b1150a0 RBP=ffffffff9b115060 RSP=ffffc9000746f400 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff3622a66 R15=dffffc0000000000 RIP=ffffffff85647d57 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d67b5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ff94a7f5f98 CR3=000000005c1b5000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcfa211c46 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcfa211c46 00007ffcfa211c4c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff949a12e46 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff949a12e53 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff949a12e4d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff949a12e61 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff949a12ee7 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff949a12fc5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff949ba74a8 00007ff949ba74a0 00007ff949ba7498 00007ff949ba7470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff94a70d100 00007ff949ba7460 00007ff949ba7478 00007ff949ba74c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff949ba74b8 00007ff949ba74b0 00007ff949ba74a8 00007ff949ba74a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000046 RBX=0000000000000002 RCX=0000000000000001 RDX=0000000000000000 RSI=ffffffff8df45d3a RDI=ffffffff8c162d00 RBP=0000000000000002 RSP=ffffc90004a5f2c8 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=000000000003955c R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8b9473cd RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055555caa3500 ffffffff 00c00000 GS =0000 ffff8880d68b5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fd92edd6038 CR3=0000000053cc4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fffc0000 Opmask01=000000000000000f Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20303d766765735f 656c646e61683d53 4e4f4954504f5f4e 4153410063657865 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd92f90d100 00007fd92eda7460 00007fd92eda7478 00007fd92eda74c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d534e4f4954504f 5f4e415341006365 786500726f747563 6578652d7a79732f ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000003f0eb1 RBX=0000000000000003 RCX=ffffffff8b946c29 RDX=0000000000000000 RSI=ffffffff8de52618 RDI=ffffffff8c162d00 RBP=ffffed1003c55000 RSP=ffffc90000197df8 R8 =0000000000000001 R9 =ffffed100d4e6655 R10=ffff88806a7332ab R11=0000000000000000 R12=0000000000000003 R13=ffff88801e2a8000 R14=ffffffff90ab6d90 R15=0000000000000000 RIP=ffffffff8b94578f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d69b5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ff60e600218 CR3=000000000e380000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558a426498 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000300000014 0000000200000021 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff6151a7d20 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000000e ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055558a430af3 000055558a4309f0 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 04060075d800236f 656469762f766564 000000000000000b 0000555000000001 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 080002e003001000 02d00300100002c0 0302100000000029 fffff7de00000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 84030004000d8003 4080a0a010000280 040100000000002a 015fe60400000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 749c0101dc10000d 80040100000e0806 060104b60000002b 000d880300000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ff6151a7db0 00007ff6151a7db0 000000000000002c 0180040000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 100005b982080001 00000e080606101e 98108004088285b9 8c0800010000002f ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0606011f00000000 b003048081808010 0010a00300100010 900300080000002e ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0008001000000000 0005b88208000100 000c0806060e1e9a 000400000000002d ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0401c71000000000 00007ff6151a7db0 00007ff6151a7db0 000000000000002c ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000